Updated: 2024-11-23 05:45:59.579783
Description:
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | MEDIUM | 4.3 |
| CVSS Version 3.x | MEDIUM | 5.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | squid34 | 3.4.14 | 5.3 | MEDIUM | Ignored | 2022-04-04 12:49:20 | ||
| CentOS 6 ELS | squid | 3.1.23 | 5.3 | MEDIUM | Ignored | 2022-04-04 12:49:20 | ||
| CentOS 8.4 ELS | squid | 4.11-4 | 5.3 | MEDIUM | Released | CLSA-2022:1652719177 | 2022-04-04 12:49:20 | |
| CentOS 8.5 ELS | squid | 4.15-1 | 5.3 | MEDIUM | Released | CLSA-2022:1652732686 | 2022-05-10 16:04:37 | |
| CloudLinux 6 ELS | squid34 | 3.4.14 | 5.3 | MEDIUM | Ignored | 2022-04-04 12:49:20 | ||
| CloudLinux 6 ELS | squid | 3.1.23 | 5.3 | MEDIUM | Ignored | 2022-04-04 12:49:20 | ||
| Oracle Linux 6 ELS | squid34 | 3.4.14 | 5.3 | MEDIUM | Ignored | 2022-04-04 12:49:20 | ||
| Oracle Linux 6 ELS | squid | 3.1.23 | 5.3 | MEDIUM | Ignored | 2022-04-04 12:49:20 | ||
| Ubuntu 16.04 ELS | squid | 3.5.12-1 | 5.3 | MEDIUM | Ignored | 2022-04-04 12:49:20 | ||
| Ubuntu 18.04 ELS | squid | 3.5.27-1 | 5.3 | MEDIUM | Already Fixed | 2023-06-22 17:07:08 |