PRIOn knowledge basePRION:CVE-2020-8449Input validation
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ubuntu_linux | eq | 16.04 | |
| ubuntu_linux | eq | 18.04 | |
| ubuntu_linux | eq | 19.10 | |
| debian_linux | eq | 9.0 | |
| debian_linux | eq | 10.0 | |
| fedora | eq | 30 | |
| fedora | eq | 31 | |
| leap | eq | 15.1 | |
| squid | lt | 4.10 |
References
lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
www.squid-cache.org/Advisories/SQUID-2020_1.txt
www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch
lists.debian.org/debian-lts-announce/2020/07/msg00009.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
security.gentoo.org/glsa/202003-34
security.netapp.com/advisory/ntap-20210304-0002/
usn.ubuntu.com/4289-1/
www.debian.org/security/2020/dsa-4682
Related
