The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
References
Link | Resource |
---|---|
http://seclists.org/oss-sec/2014/q3/613 | Third Party Advisory |
https://bugzilla.novell.com/show_bug.cgi?id=891268 | Issue Tracking Third Party Advisory VDB Entry |
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt | Vendor Advisory |
http://ubuntu.com/usn/usn-2422-1 | Vendor Advisory |
http://seclists.org/oss-sec/2014/q3/626 | Third Party Advisory |
http://seclists.org/oss-sec/2014/q3/539 | Third Party Advisory |
http://secunia.com/advisories/60242 | Permissions Required Third Party Advisory |
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | Third Party Advisory |
http://www.securityfocus.com/bid/70022 | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2014-11-26 07:59
Updated : 2016-11-28 11:12
NVD link : CVE-2014-7142
Mitre link : CVE-2014-7142
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
squid-cache
- squid
canonical
- ubuntu_linux
oracle
- solaris