Unrated severityNVD Advisory· Published Feb 4, 2020· Updated Aug 4, 2024
CVE-2020-8449
CVE-2020-8449
Description
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
24- Squid/Squiddescription
- osv-coords22 versionspkg:rpm/almalinux/libecappkg:rpm/almalinux/libecap-develpkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweedpkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/squid&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/squid&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 1.0.1-2.module_el8.6.0+2741+01592ae8+ 21 more
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 4.10-lp151.2.11.1
- (no CPE)range: < 4.16-1.5
- (no CPE)range: < 3.1.23-8.16.37.12.1
- (no CPE)range: < 3.1.23-8.16.37.12.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.10-5.14.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.10-4.6.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.10-4.6.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15- lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/mitrevendor-advisoryx_refsource_FEDORA
- security.gentoo.org/glsa/202003-34mitrevendor-advisoryx_refsource_GENTOO
- usn.ubuntu.com/4289-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4682mitrevendor-advisoryx_refsource_DEBIAN
- www.squid-cache.org/Advisories/SQUID-2020_1.txtmitrex_refsource_MISC
- www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patchmitrex_refsource_MISC
- www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patchmitrex_refsource_MISC
- www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patchmitrex_refsource_MISC
- www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patchmitrex_refsource_MISC
- www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patchmitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/07/msg00009.htmlmitremailing-listx_refsource_MLIST
- security.netapp.com/advisory/ntap-20210304-0002/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.