Versions of Squid 3.4.x prior to 3.4.8 are potentially affected by by the following vulnerabilities :
An off-by-one overflow flaw exists within the SNMP processing component. By using a specially crafted UDP SNMP request, a remote attacker could exploit this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-6270)
There exists an array indexing flaw in the node pinger that is triggered when parsing ICMP and ICMPv6 replies, which may allow a remote attacker to crash the pinger or obtain sensitive information. (CVE-2014-7141)
The node pinger has a flaw in function ‘Icmp4::Recv’ in file ‘icmp/Icmp4.cc’ that is triggered when parsing ICMP or ICMPv6 responses. A remote attacker could exploit this to crash the pinger or obtain sensitive information. (CVE-2014-7142)
Binary data 8634.prm
Vendor | Product | Version | CPE |
---|---|---|---|
squid-cache | squid | cpe:/a:squid-cache:squid |