CVE-2014-7142

Loading...

General

Score:6.4/10.0
Severity:Medium
Category:Input Validation Error

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2011-3205, CVE-2011-4096, CVE-2012-5643, CVE-2013-0188, CVE-2013-4115, CVE-2014-0128, CVE-2014-6270, CVE-2014-7141, CVE-2015-5400, CVE-2016-2390, CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, CVE-2016-3947, CVE-2016-3948, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556

Published on 26/11/14 - Updated on 28/11/16

Description

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Category: Input Validation Error

CWE-20 (Input Validation)
The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Security Notices

US National Vulnerability DatabaseCVE-2014-7142
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2014-AVI-407
SUSE SUSE-SU-2016:1996, SUSE-SU-2016:2089
Ubuntu USN-2422-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
canonicalubuntu_linux
oraclesolaris
squid-cachesquid

Share this vulnerability with:

Twitter Facebook LinkedIn Mail