Launchpad CVE tracker

CVE 2014-6270

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2014-6270 (Candidate) is related to these bugs:

Bug #1473691: [FFe] squid: Update to latest upstream release (3.5)

Summary				In	Importance	Status
	1473691	[FFe] squid: Update to latest upstream release (3.5)		squid3 (Ubuntu)	Critical	Fix Released

Bug #1547640: proxy tries ipv6 and gets 503 when no ipv6 routes

		In	Importance	Status
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Trusty)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Xenial)	High	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Wily)	Medium	Fix Released
1547640	proxy tries ipv6 and gets 503 when no ipv6 routes	squid3 (Ubuntu Precise)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-6270

References