CVE-2020-8517 Information
Share on:Description
An issue was discovered in Squid before 4.10. Due to incorrect input validation the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://www.squid-cache.org/Advisories/SQUID-2020_3.txt http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch https://security.gentoo.org/glsa/202003-34 https://usn.ubuntu.com/4289-1/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
NONE
Base Score
HIGH
Base Severity
7.5