CVE-2020-8449
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
| Software | From | Fixed in |
|---|---|---|
| squid-cache / squid | - | 4.10 |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 19.10 | 19.10.x |
| opensuse / leap | 15.1 | 15.1.x |
| fedoraproject / fedora | 30 | 30.x |
| fedoraproject / fedora | 31 | 31.x |
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
- http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
- http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
- http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch
- https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
- https://security.gentoo.org/glsa/202003-34
- https://security.netapp.com/advisory/ntap-20210304-0002/
- https://usn.ubuntu.com/4289-1/
- https://www.debian.org/security/2020/dsa-4682
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime