CVE-2014-7142

Опубликовано: 26 нояб. 2014

Источник: nvd

CVSS2: 6.4

EPSS Средний

Описание

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://seclists.org/oss-sec/2014/q3/539
Third Party Advisory
http://seclists.org/oss-sec/2014/q3/613
Third Party Advisory
http://seclists.org/oss-sec/2014/q3/626
Third Party Advisory
http://secunia.com/advisories/60242
Permissions Required
Third Party Advisory
http://ubuntu.com/usn/usn-2422-1
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://www.securityfocus.com/bid/70022
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=891268
Issue Tracking
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://seclists.org/oss-sec/2014/q3/539
Third Party Advisory
http://seclists.org/oss-sec/2014/q3/613
Third Party Advisory
http://seclists.org/oss-sec/2014/q3/626
Third Party Advisory
http://secunia.com/advisories/60242
Permissions Required
Third Party Advisory
http://ubuntu.com/usn/usn-2422-1
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://www.securityfocus.com/bid/70022

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.64227

Средний

6.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2014-7142

ubuntu

около 11 лет назад

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

CVE-2014-7142

redhat

больше 11 лет назад

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

CVE-2014-7142

debian

около 11 лет назад

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...

GHSA-rrff-4cvp-7q5p

github

больше 3 лет назад

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

SUSE-SU-2016:2089-1

suse-cvrf

больше 9 лет назад

Security update for squid3

EPSS

Процентиль: 98%

0.64227

Средний

6.4 Medium

CVSS2

Дефекты

CWE-20