Your submission was sent successfully! Close

CVE-2016-3947

Published: 07 April 2016

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

Priority

Medium

CVSS 3 base score: 8.2

Status

Package Release Status
squid3
Launchpad, Ubuntu, Debian
Upstream
Released (3.5.16)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (3.5.12-1ubuntu7.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [3.3.8-1ubuntu6.8])
Patches:
Upstream: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch (3.1)
Upstream: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch (3.3)
Upstream: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch (3.5)