Severity
7.5 HIGH (NVD)
EPSS
0.8%
top 25.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 4
Latest update: May 24

Description

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: squid-cache/squid < 4.10
Debian: squid/squid < 4.10-1+3
NVD: opensuse/leap 15.1

Also affects: Ubuntu Linux 16.04, 18.04, 19.10

🔴Vulnerability Details

3
GHSA
GHSA-8hwj-cjrf-5wh2: An issue was discovered in Squid before 4 (2022-05-24)
CVEList
CVE-2020-8517: An issue was discovered in Squid before 4 (2020-02-04)
OSV
CVE-2020-8517: An issue was discovered in Squid before 4 (2020-02-04)

📋Vendor Advisories

3
Ubuntu
Squid vulnerabilities (2020-02-20)
Red Hat
squid: Buffer Overflow in ext_lm_group_acl helper (2020-02-02)
Debian
CVE-2020-8517: squid - An issue was discovered in Squid before 4.10. Due to incorrect input validation,... (2020)

💬Community

2
Bugzilla
CVE-2020-8517 squid: Buffer Overflow in ext_lm_group_acl helper [fedora-all] (2020-02-05)
Bugzilla
CVE-2020-8517 squid: Buffer Overflow in ext_lm_group_acl helper (2020-02-05)
CVE-2020-8517 — Improper Input Validation in Squid | cvebase