Published: 26/11/2014 Updated: 28/11/2016

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

The pinger in Squid 3.x prior to 3.4.8 allows remote malicious users to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squid-cache squid 3.4.1
squid-cache squid 3.4.0.3
squid-cache squid 3.1.14
squid-cache squid 3.1.15
squid-cache squid 3.1.21
squid-cache squid 3.1.22
squid-cache squid 3.1.8
squid-cache squid 3.1.9
squid-cache squid 3.2.0.1
squid-cache squid 3.2.0.16
squid-cache squid 3.2.0.17
squid-cache squid 3.2.0.6
squid-cache squid 3.2.0.7
squid-cache squid 3.2.3
squid-cache squid 3.2.4
squid-cache squid 3.3.0.1
squid-cache squid 3.3.0.2
squid-cache squid 3.3.3
squid-cache squid 3.3.4
squid-cache squid 3.4.7
squid-cache squid 3.4.6
squid-cache squid 3.4.0.2
squid-cache squid 3.4.0.1
squid-cache squid 3.1.1
squid-cache squid 3.1.16
squid-cache squid 3.1.17
squid-cache squid 3.1.3
squid-cache squid 3.1.4
squid-cache squid 3.2.0.10
squid-cache squid 3.2.0.11
squid-cache squid 3.2.0.18
squid-cache squid 3.2.0.19
squid-cache squid 3.2.0.8
squid-cache squid 3.2.0.9
squid-cache squid 3.2.5
squid-cache squid 3.2.6
squid-cache squid 3.3.0.3
squid-cache squid 3.3.1
squid-cache squid 3.3.5
squid-cache squid 3.3.6
squid-cache squid 3.4.5
squid-cache squid 3.4.4
squid-cache squid 3.1.10
squid-cache squid 3.1.11
squid-cache squid 3.1.18
squid-cache squid 3.1.19
squid-cache squid 3.1.5
squid-cache squid 3.1.5.1
squid-cache squid 3.2.0.12
squid-cache squid 3.2.0.13
squid-cache squid 3.2.0.2
squid-cache squid 3.2.0.3
squid-cache squid 3.2.1
squid-cache squid 3.2.10
squid-cache squid 3.2.7
squid-cache squid 3.2.8
squid-cache squid 3.3.10
squid-cache squid 3.3.11
squid-cache squid 3.3.7
squid-cache squid 3.3.8
squid-cache squid 3.3.9
squid-cache squid 3.4.3
squid-cache squid 3.4.2
squid-cache squid 3.1.12
squid-cache squid 3.1.13
squid-cache squid 3.1.2
squid-cache squid 3.1.20
squid-cache squid 3.1.6
squid-cache squid 3.1.7
squid-cache squid 3.2.0.14
squid-cache squid 3.2.0.15
squid-cache squid 3.2.0.4
squid-cache squid 3.2.0.5
squid-cache squid 3.2.11
squid-cache squid 3.2.12
squid-cache squid 3.2.2
squid-cache squid 3.2.9
squid-cache squid 3.3.0
squid-cache squid 3.3.12
squid-cache squid 3.3.2

Squid could be made to crash if it received specially crafted network traffic ...

Debian Bug report logs - #741312 squid3: CVE-2014-0128: Denial of Service in SSL-Bump Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Mar 2014 05:27:02 UTC Severity: normal Tags: fixed-upstream, security, upstrea ...

Debian Bug report logs - #760999 squid3: pinger remote DoS (CVE-2014-7141 CVE-214-7142) Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 9 Sep 2014 18:57:07 UTC Severity: normal Tags: patch, security, upstream Foun ...

Debian Bug report logs - #761002 squid3: CVE-2014-6270: off by one in snmp subsystem Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 9 Sep 2014 19:09:02 UTC Severity: important Tags: patch, security, upstream Foun ...

The pinger in Squid 3x before 348 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet ...

CWE-19 https://bugzilla.novell.com/show_bug.cgi?id=891268 http://www.squid-cache.org/Advisories/SQUID-2014_4.txt http://ubuntu.com/usn/usn-2422-1 http://seclists.org/oss-sec/2014/q3/612 http://seclists.org/oss-sec/2014/q3/626 http://seclists.org/oss-sec/2014/q3/539 http://secunia.com/advisories/60242 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://www.securityfocus.com/bid/69688 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html https://usn.ubuntu.com/2422-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-7141

Get Started

CVE-2014-7141

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect