Security Alert (A20-04-05): Vulnerability in Squid


 

Published on: 28 April 2020

  
  

Description:

Squid has published a security advisory (SQUID-2020:4) to address an integer overflow vulnerability. A remote attacker could exploit the vulnerability by sending a specially crafted HTTP request to the target server.

 

Affected Systems:

  • Squid 2.x to 2.7.STABLE9
  • Squid 3.x to 3.5.28
  • Squid 4.x to 4.10
  • Squid 5.x to 5.0.1

 

Impact:

A successful attack could lead to arbitrary code execution and security feature bypass.

 

Recommendation:

Squid has released version 4.11 and 5.0.2 to address the issue and it can be downloaded at the following URLs:
http://www.squid-cache.org/Versions/v4/
http://www.squid-cache.org/Versions/v5/

 

More Information:

- http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
- https://www.hkcert.org/my_url/en/alert/20042701
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11945

 



Tag: Squid
Tags