CVE-2014-7141

Severity

64%

Complexity

99%

Confidentiality

81%

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P).

Overview

Type

squid-cache

First reported 10 years ago

2014-11-26 15:59:00

Last updated 8 years ago

2016-11-28 19:12:00

Affected Software

squid-cache.org Squid 3.1.1

3.1.1

squid-cache.org Squid 3.1.2

3.1.2

squid-cache.org Squid 3.1.3

3.1.3

squid-cache.org Squid 3.1.4

3.1.4

squid-cache.org Squid 3.1.5

3.1.5

squid-cache.org Squid 3.1.5.1

3.1.5.1

squid-cache.org Squid 3.1.6

3.1.6

squid-cache.org Squid 3.1.7

3.1.7

squid-cache.org Squid 3.1.8

3.1.8

squid-cache.org Squid 3.1.9

3.1.9

squid-cache.org Squid 3.1.10

3.1.10

squid-cache.org Squid 3.1.11

3.1.11

squid-cache.org Squid 3.1.12

3.1.12

squid-cache.org Squid 3.1.13

3.1.13

squid-cache.org Squid 3.1.14

3.1.14

squid-cache.org Squid 3.1.15

3.1.15

squid-cache Squid 3.1.16

3.1.16

squid-cache Squid 3.1.21

3.1.21

squid-cache Squid 3.1.22

3.1.22

squid-cache.org Squid 3.2.0.1

3.2.0.1

squid-cache.org Squid 3.2.0.2

3.2.0.2

squid-cache.org Squid 3.2.0.3

3.2.0.3

squid-cache.org Squid 3.2.0.4

3.2.0.4

squid-cache.org Squid 3.2.0.5

3.2.0.5

squid-cache.org Squid 3.2.0.6

3.2.0.6

squid-cache.org Squid 3.2.0.7

3.2.0.7

squid-cache.org Squid 3.2.0.8

3.2.0.8

squid-cache.org Squid 3.2.0.9

3.2.0.9

squid-cache.org Squid 3.2.0.10

3.2.0.10

squid-cache.org Squid 3.2.0.11

3.2.0.11

squid-cache.org Squid 3.2.0.12

3.2.0.12

squid-cache.org Squid 3.2.0.13

3.2.0.13

squid-cache.org Squid 3.2.0.14

3.2.0.14

squid-cache.org Squid 3.2.0.15

3.2.0.15

squid-cache.org Squid 3.2.0.16

3.2.0.16

squid-cache.org Squid 3.2.0.17

3.2.0.17

squid-cache.org Squid 3.2.0.18

3.2.0.18

squid-cache.org Squid 3.2.0.19

3.2.0.19

squid-cache.org Squid 3.2.1

3.2.1

squid-cache.org Squid 3.2.2

3.2.2

squid-cache.org Squid 3.2.3

3.2.3

squid-cache.org Squid 3.2.4

3.2.4

squid-cache.org Squid 3.2.5

3.2.5

squid-cache.org Squid 3.2.6

3.2.6

squid-cache.org Squid 3.2.7

3.2.7

squid-cache.org Squid 3.2.8

3.2.8

squid-cache.org Squid 3.2.9

3.2.9

squid-cache.org Squid 3.2.10

3.2.10

squid-cache.org Squid 3.2.11

3.2.11

squid-cache.org Squid 3.2.12

3.2.12

squid-cache.org Squid 3.3.0

3.3.0

squid-cache.org Squid 3.3.0.2

3.3.0.2

squid-cache.org Squid 3.3.0.3

3.3.0.3

squid-cache.org Squid 3.3.1

3.3.1

squid-cache.org Squid 3.3.2

3.3.2

squid-cache.org Squid 3.3.3

3.3.3

squid-cache.org Squid 3.3.4

3.3.4

squid-cache.org Squid 3.3.5

3.3.5

squid-cache.org Squid 3.3.6

3.3.6

squid-cache.org Squid 3.3.7

3.3.7

squid-cache.org Squid 3.3.8

3.3.8

squid-cache.org Squid 3.3.9

3.3.9

squid-cache.org Squid 3.3.10

3.3.10

squid-cache.org Squid 3.3.11

3.3.11

squid-cache.org Squid 3.3.12

3.3.12

squid-cache.org Squid 3.4.0.1

3.4.0.1

squid-cache.org Squid 3.4.0.2

3.4.0.2

squid-cache.org Squid 3.4.0.3

3.4.0.3

squid-cache.org Squid 3.4.1

3.4.1

squid-cache.org Squid 3.4.2

3.4.2

squid-cache.org Squid 3.4.3

3.4.3

squid-cache.org Squid 3.4.4

3.4.4

squid-cache Squid 3.4.5

3.4.5

squid-cache Squid 3.4.6

3.4.6

squid-cache Squid 3.4.7

3.4.7

References

SUSE-SU-2016:1996

SUSE-SU-2016:2089

[oss-security] 20140909 CVE-Request: squid pinger remote DoS

[oss-security] 20140916 Re: CVE-Request: squid pinger remote DoS

[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS

60242

USN-2422-1

Patch, Vendor Advisory

69688

http://www.squid-cache.org/Advisories/SQUID-2014_4.txt

Vendor Advisory

https://bugzilla.novell.com/show_bug.cgi?id=891268

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.