CVE-2014-6270 - OpenCVE

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	Solaris
Squid-cache	Squid

Configuration 1 [-]

OR	cpe:2.3:a:squid-cache:squid:2.4.stable1:::::::*
	cpe:2.3:a:squid-cache:squid:2.4.stable2:::::::*
	cpe:2.3:a:squid-cache:squid:2.4.stable3:::::::*
	cpe:2.3:a:squid-cache:squid:2.4.stable4:::::::*
	cpe:2.3:a:squid-cache:squid:2.4.stable5:::::::*
	cpe:2.3:a:squid-cache:squid:2.4.stable6:::::::*
	cpe:2.3:a:squid-cache:squid:2.4.stable7:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable1:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable2:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable3:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable4:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable5:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable6:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable7:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable8:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable9:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable10:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable11:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable12:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable13:::::::*
	cpe:2.3:a:squid-cache:squid:2.5.stable14:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable1:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable2:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable3:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable4:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable5:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable6:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable7:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable8:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable9:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable10:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable11:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable12:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable13:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable14:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable15:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable16:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable17:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable18:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable19:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable20:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable21:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable22:::::::*
	cpe:2.3:a:squid-cache:squid:2.6.stable23:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable1:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable2:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable3:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable4:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable5:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable6:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable7:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable8:::::::*
	cpe:2.3:a:squid-cache:squid:2.7.stable9:::::::*
	cpe:2.3:a:squid-cache:squid:3.0:::::::*
	cpe:2.3:a:squid-cache:squid:3.0:-:pre1:::::*
	cpe:2.3:a:squid-cache:squid:3.0:-:pre2:::::*
	cpe:2.3:a:squid-cache:squid:3.0:-:pre3:::::*
	cpe:2.3:a:squid-cache:squid:3.0:-:pre4:::::*
	cpe:2.3:a:squid-cache:squid:3.0:-:pre5:::::*
	cpe:2.3:a:squid-cache:squid:3.0:-:pre6:::::*
	cpe:2.3:a:squid-cache:squid:3.0:-:pre7:::::*
	cpe:2.3:a:squid-cache:squid:3.0:rc4::::::
	cpe:2.3:a:squid-cache:squid:3.0.stable1:::::::*
	cpe:2.3:a:squid-cache:squid:3.0.stable2:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable3:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable4:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable5:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable6:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable7:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable8:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable9:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable10:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable11:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1::::::
cpe:2.3:a:squid-cache:squid:3.0.stable12:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable13:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable14:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable15:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable16:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1::::::
cpe:2.3:a:squid-cache:squid:3.0.stable17:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable18:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable19:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable20:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable21:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable22:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable23:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable24:::::::*
cpe:2.3:a:squid-cache:squid:3.0.stable25:::::::*
cpe:2.3:a:squid-cache:squid:3.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.2:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.3:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.4:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.5:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.6:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.7:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.8:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.9:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.10:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.11:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.12:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.13:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.14:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.15:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.16:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.17:::::::*
cpe:2.3:a:squid-cache:squid:3.1.0.18:::::::*
cpe:2.3:a:squid-cache:squid:3.1.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.2:::::::*
cpe:2.3:a:squid-cache:squid:3.1.3:::::::*
cpe:2.3:a:squid-cache:squid:3.1.4:::::::*
cpe:2.3:a:squid-cache:squid:3.1.5:::::::*
cpe:2.3:a:squid-cache:squid:3.1.5.1:::::::*
cpe:2.3:a:squid-cache:squid:3.1.6:::::::*
cpe:2.3:a:squid-cache:squid:3.1.7:::::::*
cpe:2.3:a:squid-cache:squid:3.1.8:::::::*
cpe:2.3:a:squid-cache:squid:3.1.9:::::::*
cpe:2.3:a:squid-cache:squid:3.1.10:::::::*
cpe:2.3:a:squid-cache:squid:3.1.11:::::::*
cpe:2.3:a:squid-cache:squid:3.1.12:::::::*
cpe:2.3:a:squid-cache:squid:3.1.13:::::::*
cpe:2.3:a:squid-cache:squid:3.1.14:::::::*
cpe:2.3:a:squid-cache:squid:3.1.15:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.1:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.2:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.3:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.4:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.5:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.6:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.7:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.8:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.9:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.10:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.11:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.12:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.13:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.14:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.15:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.16:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.17:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.18:::::::*
cpe:2.3:a:squid-cache:squid:3.2.0.19:::::::*
cpe:2.3:a:squid-cache:squid:3.2.1:::::::*
cpe:2.3:a:squid-cache:squid:3.2.2:::::::*
cpe:2.3:a:squid-cache:squid:3.2.3:::::::*
cpe:2.3:a:squid-cache:squid:3.2.4:::::::*
cpe:2.3:a:squid-cache:squid:3.2.5:::::::*
cpe:2.3:a:squid-cache:squid:3.2.6:::::::*
cpe:2.3:a:squid-cache:squid:3.2.7:::::::*
cpe:2.3:a:squid-cache:squid:3.2.8:::::::*
cpe:2.3:a:squid-cache:squid:3.2.9:::::::*
cpe:2.3:a:squid-cache:squid:3.2.10:::::::*
cpe:2.3:a:squid-cache:squid:3.2.11:::::::*
cpe:2.3:a:squid-cache:squid:3.2.12:::::::*
cpe:2.3:a:squid-cache:squid:3.3.0:::::::*
cpe:2.3:a:squid-cache:squid:3.3.0.2:::::::*
cpe:2.3:a:squid-cache:squid:3.3.0.3:::::::*
cpe:2.3:a:squid-cache:squid:3.3.1:::::::*
cpe:2.3:a:squid-cache:squid:3.3.2:::::::*
cpe:2.3:a:squid-cache:squid:3.3.3:::::::*
cpe:2.3:a:squid-cache:squid:3.3.4:::::::*
cpe:2.3:a:squid-cache:squid:3.3.5:::::::*
cpe:2.3:a:squid-cache:squid:3.3.6:::::::*
cpe:2.3:a:squid-cache:squid:3.3.7:::::::*
cpe:2.3:a:squid-cache:squid:3.3.8:::::::*
cpe:2.3:a:squid-cache:squid:3.3.9:::::::*
cpe:2.3:a:squid-cache:squid:3.3.10:::::::*
cpe:2.3:a:squid-cache:squid:3.3.11:::::::*
cpe:2.3:a:squid-cache:squid:3.3.12:::::::*
cpe:2.3:a:squid-cache:squid:3.4.0.1:::::::*
cpe:2.3:a:squid-cache:squid:3.4.0.2:::::::*
cpe:2.3:a:squid-cache:squid:3.4.0.3:::::::*
cpe:2.3:a:squid-cache:squid:3.4.1:::::::*
cpe:2.3:a:squid-cache:squid:3.4.2:::::::*
cpe:2.3:a:squid-cache:squid:3.4.3:::::::*
cpe:2.3:a:squid-cache:squid:3.4.4:::::::*
cpe:2.3:a:squid-cache:squid:3.4.5:::::::*
cpe:2.3:a:squid-cache:squid:3.4.6:::::::*
cpe:2.3:a:squid-cache:squid:3.4.7:::::::*

Configuration 2 [-]

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
http://seclists.org/oss-sec/2014/q3/542
http://seclists.org/oss-sec/2014/q3/550
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/69686
http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
http://www.ubuntu.com/usn/USN-2921-1
https://bugzilla.novell.com/show_bug.cgi?id=895773
https://bugzilla.redhat.com/show_bug.cgi?id=1139967
https://exchange.xforce.ibmcloud.com/vulnerabilities/95873
https://nvd.nist.gov/vuln/detail/CVE-2014-6270
https://security.gentoo.org/glsa/201607-01
https://www.cve.org/CVERecord?id=CVE-2014-6270

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-09-12T14:00:00

Updated: 2024-08-06T12:10:13.341Z

Reserved: 2014-09-09T00:00:00

Link: CVE-2014-6270

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-09-12T14:55:07.907

Modified: 2017-09-08T01:29:13.510

Link: CVE-2014-6270

Redhat

Severity : Moderate

Publid Date: 2014-09-09T00:00:00Z

Links: CVE-2014-6270 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object