CVE-2014-0128: Improper Input Validation in Squid

Severity: 5.0 MEDIUM (NVD)
EPSS: 55.0% (top 1.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 14
Latest update: May 14

Description

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: squid-cache/squid (86 versions)

🔴 Vulnerability Details (3)

GHSA: GHSA-m2w9-x6qf-9vf9: Squid 3 (2022-05-14)
OSV: CVE-2014-0128: Squid 3 (2014-04-14)
CVEList: CVE-2014-0128: Squid 3 (2014-04-14)

📋 Vendor Advisories (2)

Red Hat: squid: denial of service when using SSL-Bump (2014-03-09)
Debian: CVE-2014-0128: squid - Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows r... (2014)

💬 Community (2)

Bugzilla: CVE-2014-0128 squid: denial of service when using SSL-Bump (2014-03-11)
Bugzilla: CVE-2014-0128 squid: denial of service when using SSL-Bump [fedora-all] (2014-03-11)