Synopsis
The remote proxy server is affected by multiple attack vectors.

Description
Versions of Squid 3.5.x prior to 3.5.15 are affected by multiple vulnerabilities:
- A flaw exists because bounds are not properly checked on specially crafted HTTP responses. This may allow a remote attacker to cause a denial of service.
- A flaw is triggered as bounds are not properly checked when processing HTTP responses. This may allow a remote attacker to cause a denial of service for all clients accessing the service.
- An overflow condition exists in the 'Icmp6::Recv()' function in 'icmp/Icmp6.cc' of the pinger binary. The issue is triggered as user-supplied input is not properly validated when handling specially crafted ICMPv6 packets. This may allow a remote attacker to cause a buffer overflow, crashing the pinger process or potentially leaking data into log files.

Solution
Either upgrade to Squid version 3.5.15 or later, or apply the vendor-supplied patch.
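
To triage hosts against the version range above, the following added example (not part of the advisory and not Squid project code) classifies a Squid version string taken from a `Server` or `Via` response header or from `squid -v` output. The function names and sample inputs are constructed for illustration. A version string alone cannot show whether the vendor-supplied patch was applied, so an "affected" result on a distribution package still needs a changelog check.

```python
import re

# Matches the version token Squid places in Server/Via headers ("squid/3.5.12")
# and in `squid -v` output ("Squid Cache: Version 3.5.12").
_VERSION_RE = re.compile(
    r"(?:squid/|Squid Cache: Version )(\d+)\.(\d+)(?:\.(\d+))?", re.IGNORECASE
)

FIXED = (3, 5, 15)  # first fixed release named in the advisory


def squid_versions(text):
    """Return every Squid version found in text as (major, minor, patch)."""
    return [
        (int(major), int(minor), int(patch) if patch else 0)
        for major, minor, patch in _VERSION_RE.findall(text)
    ]


def is_affected(version):
    """True only for the 3.5.x branch below 3.5.15; other branches are
    outside the scope of this advisory."""
    return version[:2] == FIXED[:2] and version < FIXED


def assess(text):
    """Classify header or `squid -v` text as 'affected', 'not affected',
    or 'unknown' (no version exposed, or not Squid)."""
    versions = squid_versions(text)
    if not versions:
        return "unknown"
    # A Via header can list several proxies; one affected hop is enough.
    if any(is_affected(v) for v in versions):
        return "affected"
    return "not affected"


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    samples = [
        "Server: squid/3.5.12",
        "Via: 1.1 proxy.example.test (squid/3.5.15)",
        "Squid Cache: Version 3.5.14",
        "Server: squid",  # version suppressed in the banner
    ]
    for line in samples:
        print(f"{line!r}: {assess(line)}")
```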