1. Home
  2. Vulnerabilities
  3. CVE-2020-8517

CVE-2020-8517

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.43 % (75th)
0.43% Progress
Affected Products 3
Advisories 14
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.

Weaknesses
CWE-20
Improper Input Validation
CWE-787
Out-of-bounds Write
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2020-02-04 20:15:14
(4 years ago)
Updated Date
2021-07-21 11:39:23
(3 years ago)

Affected Products

Canonical

Opensuse

Squid-cache

Configuration #1

    CPE23 From Up To
  Squid-cache Squid prior 4.10 version cpe:2.3:a:squid-cache:squid < 4.10

Configuration #2

    CPE23 From Up To
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1

Configuration #3

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10