Improper input validation in Squid-cache Squid

CVE-2014-0128

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.550 (98.1th percentile) — read the EPSS interpretation.

Affected products

Squid-cache Squid — versions 3.1, 3.1.0.1, 3.1.0.2
Opensuse — versions 11.4
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

openSUSE-SU-2014:0513 (vendor-advisory, x_refsource_SUSE, Vendor Advisory)
openSUSE-SU-2014:0559 (vendor-advisory, x_refsource_SUSE)
57889 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
SUSE-SU-2016:1996 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
57288 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
66112 (vdb-entry, x_refsource_BID)
SUSE-SU-2016:2089 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)