Squid up to and including 4.14 and 5.x up to and including 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squid-cache squid |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |
||
debian debian linux 10.0 |
||
debian debian linux 11.0 |