Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2020-8450

Disclosure Date: February 04, 2020
CVE-2020-8450 CVSS v3 Base Score: 7.3
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.3 High
Impact Score:
3.4
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
Low

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • fedoraproject,
  • opensuse,
  • squid-cache

Products

  • debian linux 10.0,
  • debian linux 9.0,
  • fedora 30,
  • fedora 31,
  • leap 15.1,
  • squid,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 19.10

References

Canonical
CVE-2020-8450 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8450)
Advisory
USN-4289-1 (https://usn.ubuntu.com/4289-1)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
GLSA-202003-34 (https://security.gentoo.org/glsa/202003-34)
FEDORA-2020-ab8e7463ab (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R)
FEDORA-2020-790296a8f4 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J)
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
DSA-4682 (https://www.debian.org/security/2020/dsa-4682)
[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update (https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html)
USN-4289-1 (https://usn.ubuntu.com/4289-1/)
FEDORA-2020-ab8e7463ab (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/)
FEDORA-2020-790296a8f4 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/)
https://security.netapp.com/advisory/ntap-20210304-0002/
Miscellaneous
http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis