CVE-2020-8449 — Resource Exposure in Squid

CWE-668 — Resource Exposure CWE-20 — Improper Input Validation10 documents8 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid-cache Squid Canonical Ubuntu Linux +3 more

Timeline

PublishedFeb 4

Latest updateMay 24

Description

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDsquid-cache/squid< 4.10

▶Debiansquid/squid< 4.10-1+3

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0, 9.0, Fedora 30, 31, Ubuntu Linux 16.04, 18.04, 19.10

Patches

Patch: www.squid-cache.org ↗Patch: www.squid-cache.org ↗Patch: www.squid-cache.org ↗

🔴Vulnerability Details

GHSA

GHSA-rmc2-g977-jr5r: An issue was discovered in Squid before 4↗2022-05-24

▶

OSV

squid, squid3 vulnerabilities↗2020-02-20

▶

OSV

CVE-2020-8449: An issue was discovered in Squid before 4↗2020-02-04

▶

CVEList

CVE-2020-8449: An issue was discovered in Squid before 4↗2020-02-04

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2020-02-20

▶

Red Hat

squid: Improper input validation issues in HTTP Request processing↗2020-02-03

▶

Debian

CVE-2020-8449: squid - An issue was discovered in Squid before 4.10. Due to incorrect input validation,...↗2020

▶

💬Community

Bugzilla

CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing [fedora-all]↗2020-02-05

▶

Bugzilla

CVE-2020-8449 squid: Improper input validation issues in HTTP Request processing↗2020-02-05

▶