7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
squid is vulnerable to denial of service (DoS). The vulnerability exists through an incorrect pointer handling issue in HTTP processing and certificate download.
CPE | Name | Operator | Version |
---|---|---|---|
squid | eq | 3.5.20__12.el7_6.1 | |
squid:3.4 | eq | 3.5.23-r0 | |
squid | eq | 3.5.20__12.el7_6.1 | |
squid:3.4 | eq | 3.5.23-r0 |
www.squid-cache.org/Advisories/SQUID-2018_2.txt
www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.8_release_notes/index
access.redhat.com/errata/RHSA-2020:1068
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1680022
bugzilla.redhat.com/show_bug.cgi?id=1717430
github.com/squid-cache/squid/pull/129/files
lists.debian.org/debian-lts-announce/2018/02/msg00001.html
lists.debian.org/debian-lts-announce/2018/02/msg00002.html
usn.ubuntu.com/3557-1/
usn.ubuntu.com/4059-2/
www.debian.org/security/2018/dsa-4122
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P