Description
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing Uniform Resource Names (URNs), specific conditions can lead to remote code execution.
Mitigation
Users can disable URN access permissions to mitigate this issue.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | squid | Not affected | | |
Red Hat Enterprise Linux 6 | squid | Affected | | |
Red Hat Enterprise Linux 6 | squid34 | Affected | | |
Red Hat Enterprise Linux 7 | squid | Affected | | |
Red Hat Enterprise Linux 8 | squid:4/squid | Affected | | |
Red Hat Enterprise Linux 9 | squid | Affected | | |
Additional information
Status:
EPSS
CVSS3: 8.9 High
Related vulnerabilities
A vulnerability in the Squid proxy server involving a heap buffer overflow when processing URN headers, allowing an attacker to execute arbitrary code