Описание
A flaw was found in Squid. A buffer over-read in the ConfigParser::UnQuote function in the src/ConfigParser.cc file can be triggered when a specially crafted configuration file is being parsed by Squid when it's initializing, causing an application crash.
Отчет
This CVE has been rejected and Red Hat Product Security does not consider this to be a vulnerability because this issue can only be triggered when Squid is initializing and by using a specially crafted configuration file. The only impact of this issue is an application crash before Squid is in fact started and running.
Меры по смягчению последствий
Do not use untrusted Squid configuration files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | squid | Will not fix | ||
| Red Hat Enterprise Linux 6 | squid | Out of support scope | ||
| Red Hat Enterprise Linux 6 | squid34 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | squid | Will not fix | ||
| Red Hat Enterprise Linux 8 | squid:4/squid | Will not fix | ||
| Red Hat Enterprise Linux 9 | squid | Will not fix |
Показывать по
Дополнительная информация
0 Low
CVSS3
Связанные уязвимости
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
0 Low
CVSS3