Published: 07/04/2016 Updated: 28/11/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid prior to 3.5.16 and 4.x prior to 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
squid-cache squid 4.0.5
squid-cache squid 4.0.4
squid-cache squid 4.0.3
squid-cache squid 4.0.2
squid-cache squid 4.0.1
squid-cache squid 4.0.6
squid-cache squid 4.0.7
squid-cache squid
canonical ubuntu linux 14.04
canonical ubuntu linux 12.04
canonical ubuntu linux 16.04
canonical ubuntu linux 15.10

Several security issues were fixed in Squid ...

Debian Bug report logs - #819784 squid3: CVE-2016-3948 Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 2 Apr 2016 09:09:05 UTC Severity: important Tags: patch, security, upstream Found in version squid3/3515-1 F ...

Debian Bug report logs - #819783 squid3: CVE-2016-3947 Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 2 Apr 2016 09:09:01 UTC Severity: important Tags: patch, security, upstream Found in version squid3/3515-1 F ...

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6cc in the pinger utility in Squid before 3516 and 4x before 408 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet ...

CWE-119 http://www.squid-cache.org/Advisories/SQUID-2016_3.txt http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch http://www.securitytracker.com/id/1035457 http://www.ubuntu.com/usn/USN-2995-1 https://security.gentoo.org/glsa/201607-01 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html https://usn.ubuntu.com/2995-1/https://nvd.nist.gov

CVE-2016-3947

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect