CVE-2016-3947

CVSS v3.0 8.2 (High)

CVSS v2.0 7.5 (High)

EPSS 1.69 % (88^th)

Affected Products 2

Advisories 7

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2016-04-07 18:59:00
(8 years ago)
Updated Date: 2016-11-28 20:14:19
(7 years ago)

Affected Products

Canonical

Ubuntu Linux

Squid-cache

Squid

Configuration #1

	CPE23	Up To
Squid-cache Squid 3.5.15 and prior versions	cpe:2.3:a:squid-cache:squid	<= 3.5.15
Squid-cache Squid 4.0.1	cpe:2.3:a:squid-cache:squid:4.0.1
Squid-cache Squid 4.0.2	cpe:2.3:a:squid-cache:squid:4.0.2
Squid-cache Squid 4.0.3	cpe:2.3:a:squid-cache:squid:4.0.3
Squid-cache Squid 4.0.4	cpe:2.3:a:squid-cache:squid:4.0.4
Squid-cache Squid 4.0.5	cpe:2.3:a:squid-cache:squid:4.0.5
Squid-cache Squid 4.0.6	cpe:2.3:a:squid-cache:squid:4.0.6
Squid-cache Squid 4.0.7	cpe:2.3:a:squid-cache:squid:4.0.7

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:::*:lts
	Canonical Ubuntu Linux 14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04:::*:lts
	Canonical Ubuntu Linux 15.10	cpe:2.3:o:canonical:ubuntu_linux:15.10
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts