What is CVE-2014-7142?

CVE-2014-7142 is a vulnerability in Oracle Solaris, classified under Improper Input Validation. Published 2014-11-26.

Is CVE-2014-7142 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Oracle Solaris

CVE-2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.642 (98.5th percentile) — read the EPSS interpretation.

Affected products

Oracle Solaris — versions 11.2
Squid-cache Squid — versions 3.1.1, 3.1.2, 3.1.3
Canonical Ubuntu_linux — versions 14.04, 14.10
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

c-skills/CVEs

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
SUSE-SU-2016:1996 (vendor-advisory, x_refsource_SUSE)
cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)
60242 (Permissions Required, x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, VDB Entry, Third Party Advisory, Issue Tracking)
[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS (mailing-list, x_refsource_MLIST, Third Party Advisory)
[oss-security] 20140909 CVE-Request: squid pinger remote DoS (mailing-list, x_refsource_MLIST, Third Party Advisory)
70022 (vdb-entry, x_refsource_BID)
USN-2422-1 (x_refsource_UBUNTU, vendor-advisory, Vendor Advisory)
SUSE-SU-2016:2089 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-7142?: CVE-2014-7142 is a vulnerability in Oracle Solaris, classified under Improper Input Validation. Published 2014-11-26.
Is CVE-2014-7142 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.