CVE-2014-7142
published 2014-11-26
CVE-2014-7142: The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2)…
Priority: P337, medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
EPSS: 24.93% (97.6th percentile)
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
Affected
88 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | squid | < squid 4.1-1 (bookworm) | squid 4.1-1 (bookworm) |
| oracle | solaris | — | — |
| squid-cache | squid | — | — |
Detection & IOCs (extracted from sources)
- Focus on the Squid 'pinger' subprocess specifically: the vulnerability exists only in the pinger program (not the main squid process) and is triggered by crafted ICMP or ICMPv6 packets with malformed packet size fields.
- The root cause is an integer underflow when computing the size of the ICMP reply data (preply.psize), leading to an attempt to copy a very large amount of data and crashing the pinger process. Detection should focus on anomalously sized ICMP reply packets sent to a Squid host.
- CVE-2014-7142 only affects ICMP (v4) handling in the pinger; ICMPv6 had a similar but separately patched check. Monitor for unexpected crashes of the pinger subprocess on Squid 3.x < 3.4.8 hosts.
- The fix was introduced in upstream Squid revision 13583 (Launchpad bazaar). Verify patched deployments by confirming Squid version >= 3.4.8 or the presence of this commit.
- The pinger binary is setuid root; a successful exploit of the integer underflow may also leak sensitive heap data into Squid log files, so review Squid logs for unexpected binary/heap content following ICMP traffic anomalies.
- The vulnerable 'pinger' binary is NOT built or shipped in Red Hat Enterprise Linux 5, 6, or 7 packages, nor in Fedora squid packages, so these platforms are not affected even though the vulnerable source code is present.
- The vulnerability only affects Squid 3.x; Squid 2.x is not affected by CVE-2014-7142 (though it has a related ICMPv4 array overread issue tracked separately).
- A crash caused by this CVE only affects the external pinger subprocess, not the main Squid process, limiting the direct availability impact to the pinger component.
CVSS provenance
nvd: v2.0, 6.4 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:P
osv: 6.4 MEDIUM
vendor_debian: 6.4 MEDIUM
vendor_redhat: 6.4 MEDIUM
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2014-11-25
CVE-2014-7141 Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Squid could be made to crash if it received specially crafted network
traffic.
Sebastian Krahmer discovered that the Squid pinger incorrectly handled
certain malformed ICMP packets. A remote attacker could possibly use this
issue to cause Squid to crash, resulting in a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
squid: pinger incorrect input validation flaw in handling of ICMP replies (SQUID-2014:4)
vendor_redhat·2014-09-16·CVSS 6.4
CVE-2014-7142 [MEDIUM] CWE-129 squid: pinger incorrect input validation flaw in handling of ICMP replies (SQUID-2014:4)
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
Statement: This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they do not provide the vulnerable program "pinger".
Package: squid (Red Hat Enterprise Linux 4) - Not affected
Package: squid (Red Hat Enterprise Linux 5) - Not affected
Package: squid (Red Hat Enterprise Linux 6) - Not affected
Package: squid (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2014-7142: squid - The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive...
vendor_debian·2014·CVSS 6.4
CVE-2014-7142 [MEDIUM] CVE-2014-7142: squid - The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive...
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
Scope: local
bookworm: resolved (fixed in 4.1-1)
bullseye: resolved (fixed in 4.1-1)
forky: resolved (fixed in 4.1-1)
sid: resolved (fixed in 4.1-1)
trixie: resolved (fixed in 4.1-1)
GHSA
GHSA-rrff-4cvp-7q5p: The pinger in Squid 3
ghsa_unreviewed·2022-05-17
CVE-2014-7142 [MEDIUM] CWE-20 GHSA-rrff-4cvp-7q5p: The pinger in Squid 3
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
OSV
CVE-2014-7142: The pinger in Squid 3
osv·2014-11-26·CVSS 6.4
CVE-2014-7142 [MEDIUM] CVE-2014-7142: The pinger in Squid 3
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-3947 squid: buffer overrun in Squid proxy pinger
bugzilla·2016-04-04·CVSS 6.4
CVE-2016-3947 [MEDIUM] CVE-2016-3947 squid: buffer overrun in Squid proxy pinger
A buffer overrun (on write(2)) has been found in Squid proxy 'pinger'
process that allows an attacker to craft ICMPv6 messages that will
either crash the child process (if the OS protects against over-write)
or alter heap contents allowing the attacker to bypass CVE-2014-7142
protection and leak arbitrary heap data into the Squid log files. The
pinger is setuid root (though it does drop those privileges prior to
this attack being possible).
Upstream fix:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
External references:
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
References:
http://seclists.org/oss-sec/2016/q2/2
Discussion:
Created squid tracking bugs for this issue:
Affects: fedora
Bugzilla
CVE-2014-7142 squid: pinger incorrect input validation flaw in handling of ICMP replies (SQUID-2014:4)
bugzilla·2014-10-02·CVSS 6.4
CVE-2014-7142 [MEDIUM] CVE-2014-7142 squid: pinger incorrect input validation flaw in handling of ICMP replies (SQUID-2014:4)
Another flaw was reported in the Squid pinger program due to incorrect input validation. This could be used to cause a Denial of Service or information leak when the pinger program processes ICMP or ICMPv6 packets.
While this problem exists in the source code of squid packages as shipped with Red Hat Enterprise Linux 6 and 7, as well as current Fedora releases, the program itself is not built.
Statement:
This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they do not provide the vulnerable program "pinger".
External References:
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
Discussion:
Upstream commit:
http://bazaar.la
Bugzilla
CVE-2014-7141 squid: pinger OOB array index flaw in handling of ICMP replies (SQUID-2014:4)
bugzilla·2014-09-09·CVSS 6.4
CVE-2014-7141 [MEDIUM] CVE-2014-7141 squid: pinger OOB array index flaw in handling of ICMP replies (SQUID-2014:4)
It was discovered [1] that pinger code that checks for nodes being alive doesn't
properly validate ICMP and ICMPv6 replies, in particular icmp6 types which are used to index into a string array. This could cause crashes when the index is OOB.
CVE requested at [1] too, and a patch is available at [2].
It looks like you can only DoS the pinger sub-system, not the whole squid though.
[1]: http://seclists.org/oss-sec/2014/q3/539
[2]: https://bugzilla.novell.com/show_bug.cgi?id=891268
Discussion:
Created squid tracking bugs for this issue:
Affects: fedora-all [bug 1139721]
---
This issue affects handling of ICMPv6 replies. The code uses an ICMP type value from the received packet, ands the value
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://seclists.org/oss-sec/2014/q3/539
http://seclists.org/oss-sec/2014/q3/613
http://seclists.org/oss-sec/2014/q3/626
http://secunia.com/advisories/60242
http://ubuntu.com/usn/usn-2422-1
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/70022
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
https://bugzilla.novell.com/show_bug.cgi?id=891268