CVE-2020-8449

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.

Published: Feb 4, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-8449
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-668

Affected Software
References

Software	From	Fixed in
squid-cache / squid	-	4.10
debian / debian_linux	9.0	9.0.x
debian / debian_linux	10.0	10.0.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	19.10	19.10.x
opensuse / leap	15.1	15.1.x
fedoraproject / fedora	30	30.x
fedoraproject / fedora	31	31.x

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html
http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
https://lists.fedoraproject.org/archives/list/[email protected]/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/
https://security.gentoo.org/glsa/202003-34
https://security.netapp.com/advisory/ntap-20210304-0002/
https://usn.ubuntu.com/4289-1/
https://www.debian.org/security/2020/dsa-4682

Vulnerability Database

289,599

CVE-2020-8449