CVE-2020-8450 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Vendor	Product	Version
squid-cache	squid	𝑥 < 4.10
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
opensuse	leap	15.1
debian	debian_linux	9.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

squid

bullseye (security)	4.13-10+deb11u3 fixed
bullseye	4.13-10+deb11u3 fixed
bookworm	5.7-2+deb12u2 fixed
bookworm (security)	5.7-2+deb12u2 fixed
sid	6.12-1 fixed
trixie	6.12-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

squid

hirsute	Fixed 4.9-2ubuntu4 released
groovy	Fixed 4.9-2ubuntu4 released
focal	Fixed 4.9-2ubuntu4 released
eoan	Fixed 4.8-1ubuntu2.2 released
bionic	dne
xenial	dne
trusty	dne

squid3

hirsute	dne
groovy	dne
focal	dne
eoan	dne
bionic	Fixed 3.5.27-1ubuntu1.5 released
xenial	Fixed 3.5.12-1ubuntu7.10 released
trusty	dne

Common Weakness Enumeration

CWE-131 - Incorrect Calculation of Buffer Size
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html

http://www.squid-cache.org/Advisories/SQUID-2020_1.txt

http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch

http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch

http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch

http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch

http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch

https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/

https://security.gentoo.org/glsa/202003-34

https://security.netapp.com/advisory/ntap-20210304-0002/

https://usn.ubuntu.com/4289-1/

https://www.debian.org/security/2020/dsa-4682

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html

http://www.squid-cache.org/Advisories/SQUID-2020_1.txt

http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch

http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch

http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch

http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch

http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch

https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/

https://security.gentoo.org/glsa/202003-34

https://security.netapp.com/advisory/ntap-20210304-0002/

https://usn.ubuntu.com/4289-1/

https://www.debian.org/security/2020/dsa-4682