Description
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
References (12)
Core 12
Core References
Patch x_refsource_confirm
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201607-01
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
Patch, Third Party Advisory, US Government Resource x_refsource_confirm
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch
Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2995-1
Patch x_refsource_confirm
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035457
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
Patch x_refsource_confirm
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch
Patch x_refsource_confirm
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch
Scores
CVSS v3
8.2
EPSS
0.1462
EPSS Percentile
96.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Details
CWE
CWE-119
Status
published
Products (12)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.10
canonical/ubuntu_linux
16.04
squid-cache/squid
4.0.1
squid-cache/squid
4.0.2
squid-cache/squid
4.0.3
squid-cache/squid
4.0.4
squid-cache/squid
4.0.5
squid-cache/squid
4.0.6
... and 2 more
Published
Apr 07, 2016
Tracked Since
Feb 18, 2026