CVE-2020-8449 - Vulncode-DB

CVE-2020-8449 (NVD)

2020-02-04

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Products	Ubuntu_linux, Debian_linux, Fedora, Leap, Squid
Type	Exposure of Resource to Wrong Sphere (CWE-668)
First patch	- None (likely due to unavailable code)
Patches	• http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch • http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch • http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch • http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch • http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
Links	• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/ • http://www.squid-cache.org/Advisories/SQUID-2020_1.txt • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html • https://security.gentoo.org/glsa/202003-34 More/Less (5) • https://usn.ubuntu.com/4289-1/ • https://www.debian.org/security/2020/dsa-4682 • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/ • https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html • https://security.netapp.com/advisory/ntap-20210304-0002/