Your submission was sent successfully! Close

CVE-2014-7142

Published: 23 September 2014

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Notes

AuthorNote
mdeslaur
pinger utility only started shipping in saucy
Priority

Low

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not present)
precise Does not exist

trusty Does not exist

upstream Needs triage

utopic Does not exist

squid3
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(code not shipped)
precise Not vulnerable
(code not shipped)
trusty Does not exist
(trusty was released [3.3.8-1ubuntu6.2])
upstream Needs triage

utopic
Released (3.3.8-1ubuntu8.1)
Patches:
upstream: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13583 (trunk)
upstream: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11830 (3.2)