Lucene search
Tenable9774.PRMHistoryNov 11, 2016 - 12:00 a.m.
Squid 3.5.x < 3.5.15 Multiple Vulnerabilities
2016-11-1100:00:00
Tenable
www.tenable.com
8
Versions of Squid 3.5.x prior to 3.5.15 are affected by multiple vulnerabilities :
- A flaw is triggered when performing improper bounds checks on specially crafted HTTP responses. This may allow a remote attacker to cause a denial of service.
- A flaw is triggered as bounds are not properly checked when processing HTTP responses. This may allow a remote attacker to cause a denial of service for all clients accessing the service.
- An overflow condition exists in the βIcmp6::Recv()β function in βicmp/Icmp6.ccβ of the pinger binary. The issue is triggered as user-supplied input is not properly validated when handling specially crafted ICMPv6 packets. This may allow a remote attacker to cause a buffer overflow, crashing the pinger process or potentially leaking data into log files.
Binary data 9774.prm| Vendor | Product | Version | CPE |
|---|---|---|---|
| squid-cache | squid | cpe:/a:squid-cache:squid |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2570
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3947
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3948
www.squid-cache.org/Advisories/SQUID-2016_4.txt
www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch