CVE-2016-3947

HIGH

Squid <3.5.16, <4.0.8 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

References (12)

Core 12
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201607-01
Patch, Third Party Advisory, US Government Resource x_refsource_confirm
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch
Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2995-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035457
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

Scores

CVSS v3 8.2
EPSS 0.1462
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Details

CWE
CWE-119
Status published
Products (12)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 15.10
canonical/ubuntu_linux 16.04
squid-cache/squid 4.0.1
squid-cache/squid 4.0.2
squid-cache/squid 4.0.3
squid-cache/squid 4.0.4
squid-cache/squid 4.0.5
squid-cache/squid 4.0.6
... and 2 more
Published Apr 07, 2016
Tracked Since Feb 18, 2026