Description
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
squid | fixed | 5.2-1 | | package |
squid3 | removed | | | package |
squid3 | postponed | | stretch | package |
Notes
https://www.zerodayinitiative.com/advisories/ZDI-CAN-11610/
https://bugs.squid-cache.org/show_bug.cgi?id=5131
https://www.openwall.com/lists/oss-security/2021/10/04/1
Squid4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_12.patch
Squid5: http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a73a54cefff6bb83c03de219a73276e42d183d0.patch