CVE-2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
VendorProductVersion
oraclesolaris
11.2
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
squid-cachesquid
3.1.1
squid-cachesquid
3.1.2
squid-cachesquid
3.1.3
squid-cachesquid
3.1.4
squid-cachesquid
3.1.5
squid-cachesquid
3.1.5.1
squid-cachesquid
3.1.6
squid-cachesquid
3.1.7
squid-cachesquid
3.1.8
squid-cachesquid
3.1.9
squid-cachesquid
3.1.10
squid-cachesquid
3.1.11
squid-cachesquid
3.1.12
squid-cachesquid
3.1.13
squid-cachesquid
3.1.14
squid-cachesquid
3.1.15
squid-cachesquid
3.1.16
squid-cachesquid
3.1.17
squid-cachesquid
3.1.18
squid-cachesquid
3.1.19
squid-cachesquid
3.1.20
squid-cachesquid
3.1.21
squid-cachesquid
3.1.22
squid-cachesquid
3.2.0.1
squid-cachesquid
3.2.0.2
squid-cachesquid
3.2.0.3
squid-cachesquid
3.2.0.4
squid-cachesquid
3.2.0.5
squid-cachesquid
3.2.0.6
squid-cachesquid
3.2.0.7
squid-cachesquid
3.2.0.8
squid-cachesquid
3.2.0.9
squid-cachesquid
3.2.0.10
squid-cachesquid
3.2.0.11
squid-cachesquid
3.2.0.12
squid-cachesquid
3.2.0.13
squid-cachesquid
3.2.0.14
squid-cachesquid
3.2.0.15
squid-cachesquid
3.2.0.16
squid-cachesquid
3.2.0.17
squid-cachesquid
3.2.0.18
squid-cachesquid
3.2.0.19
squid-cachesquid
3.2.1
squid-cachesquid
3.2.2
squid-cachesquid
3.2.3
squid-cachesquid
3.2.4
squid-cachesquid
3.2.5
squid-cachesquid
3.2.6
squid-cachesquid
3.2.7
squid-cachesquid
3.2.8
squid-cachesquid
3.2.9
squid-cachesquid
3.2.10
squid-cachesquid
3.2.11
squid-cachesquid
3.2.12
squid-cachesquid
3.3.0
squid-cachesquid
3.3.0.1
squid-cachesquid
3.3.0.2
squid-cachesquid
3.3.0.3
squid-cachesquid
3.3.1
squid-cachesquid
3.3.2
squid-cachesquid
3.3.3
squid-cachesquid
3.3.4
squid-cachesquid
3.3.5
squid-cachesquid
3.3.6
squid-cachesquid
3.3.7
squid-cachesquid
3.3.8
squid-cachesquid
3.3.9
squid-cachesquid
3.3.10
squid-cachesquid
3.3.11
squid-cachesquid
3.3.12
squid-cachesquid
3.4.0.1
squid-cachesquid
3.4.0.2
squid-cachesquid
3.4.0.3
squid-cachesquid
3.4.1
squid-cachesquid
3.4.2
squid-cachesquid
3.4.3
squid-cachesquid
3.4.4
squid-cachesquid
3.4.5
squid-cachesquid
3.4.6
squid-cachesquid
3.4.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
squid
bullseye (security)
4.13-10+deb11u3
fixed
bullseye
4.13-10+deb11u3
fixed
squeeze
no-dsa
wheezy
no-dsa
bookworm
5.7-2+deb12u2
fixed
bookworm (security)
5.7-2+deb12u2
fixed
sid
6.12-1
fixed
trixie
6.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
squid
utopic
dne
trusty
dne
precise
dne
lucid
not-affected
squid3
utopic
Fixed 3.3.8-1ubuntu8.1
released
trusty
Fixed 3.3.8-1ubuntu6.2
released
precise
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://seclists.org/oss-sec/2014/q3/539
http://seclists.org/oss-sec/2014/q3/613
http://seclists.org/oss-sec/2014/q3/626
http://secunia.com/advisories/60242
http://ubuntu.com/usn/usn-2422-1
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/70022
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
https://bugzilla.novell.com/show_bug.cgi?id=891268
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://seclists.org/oss-sec/2014/q3/539
http://seclists.org/oss-sec/2014/q3/613
http://seclists.org/oss-sec/2014/q3/626
http://secunia.com/advisories/60242
http://ubuntu.com/usn/usn-2422-1
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/70022
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
https://bugzilla.novell.com/show_bug.cgi?id=891268