CVE-2014-0128

Related Files

Mandriva Linux Security Advisory 2015-103

Posted Mar 30, 2015

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-103 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled. Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service. Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack when processing larger than normal ICMP or ICMPv6 packets. Due to incorrect input validation Squid pinger binary is vulnerable to denial of service or information leak attacks when processing ICMP or ICMPv6 packets.

tags | advisory, remote, web, denial of service

systems | linux, mandriva

advisories | CVE-2014-0128, CVE-2014-3609, CVE-2014-6270, CVE-2014-7141, CVE-2014-7142

SHA-256 | b3a7102719ad1db82c04532795f87002757f84b9b74f8c08a14cd808e53dcbcc

Download | Favorite | View

Gentoo Linux Security Advisory 201411-11

Posted Nov 28, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201411-11 - Multiple vulnerabilities have been found in Squid, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions less than 3.3.13-r1 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2014-0128, CVE-2014-7141, CVE-2014-7142

SHA-256 | 73ccf120cd4c0ce4a96bbcd00e0a93a9fa5bff2c7dac71efc1a6c14ead3b2cff

Download | Favorite | View

Mandriva Linux Security Advisory 2014-114

Posted Jun 12, 2014

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-114 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled.

tags | advisory, web, denial of service

systems | linux, mandriva

advisories | CVE-2014-0128

SHA-256 | 225c7f2b9fa30d957c67b7a006555a1296a4018846787e04b1214490fcdaf0c7

Download | Favorite | View

Red Hat Security Advisory 2014-0597-01

Posted Jun 3, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0597-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A denial of service flaw was found in the way Squid processed certain HTTPS requests when the SSL Bump feature was enabled. A remote attacker could send specially crafted requests that could cause Squid to crash.

tags | advisory, remote, web, denial of service

systems | linux, redhat

advisories | CVE-2014-0128

SHA-256 | a93d86f1f5060ac79e0f3de5c45e337415845e6a955bd0933312513c4fbafde0

Download | Favorite | View