CVE-2014-7142 — Improper Input Validation in Squid

CWE-20 — Improper Input Validation CWE-129 — Improper Validation of Array Index9 documents8 sources

Severity

6.4MEDIUMNVD

EPSS

64.2%

top 1.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Canonical Ubuntu Linux Oracle Solaris +1 more

Timeline

PublishedNov 26

Latest updateMay 17

Description

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶Debiansquid/squid< 4.1-1+3

▶NVDsquid-cache/squid80 versions+79

▶NVDoracle/solaris11.2

Also affects: Ubuntu Linux 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-rrff-4cvp-7q5p: The pinger in Squid 3↗2022-05-17

▶

OSV

CVE-2014-7142: The pinger in Squid 3↗2014-11-26

▶

CVEList

CVE-2014-7142: The pinger in Squid 3↗2014-11-26

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2014-11-25

▶

Red Hat

squid: pinger incorrect input validation flaw in handling of ICMP replies (SQUID-2014:4)↗2014-09-16

▶

Debian

CVE-2014-7142: squid - The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive...↗2014

▶

💬Community

Bugzilla

CVE-2016-3947 squid: buffer overrun in Squid proxy pinger↗2016-04-04

▶

Bugzilla

CVE-2014-7142 squid: pinger incorrect input validation flaw in handling of ICMP replies (SQUID-2014:4)↗2014-10-02

▶