Vulnerability CVE-2020-8517


Published: 2020-02-04

Description:
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.

Type:

CWE-20

(Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Squid-cache -> Squid 

 References:
http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch

Copyright 2024, cxsecurity.com

 

Back to Top