CVE-2020-8449

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
References
Link Resource
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch Patch Vendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch Patch Vendor Advisory
http://www.squid-cache.org/Advisories/SQUID-2020_1.txt Patch Vendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch Patch Vendor Advisory
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch Patch Vendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch Patch Vendor Advisory
https://usn.ubuntu.com/4289-1/ Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202003-34 Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/ Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html Mailing List Third Party Advisory
https://www.debian.org/security/2020/dsa-4682 Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20210304-0002/ Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

Information

Published : 2020-02-04 08:15

Updated : 2021-03-04 08:47


NVD link : CVE-2020-8449

Mitre link : CVE-2020-8449

Products Affected
No products.
CWE