Your submission was sent successfully! Close

CVE-2014-6270

Published: 12 September 2014

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Priority

Low

Status

Package Release Status
squid3
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (3.1.19-1ubuntu3.12.04.6)
trusty Does not exist
(trusty was released [3.3.8-1ubuntu6.6])
upstream
Released (3.4.8-1)
utopic Ignored
(reached end-of-life)
vivid Ignored
(reached end-of-life)
wily
Released (3.3.8-1ubuntu16.2)