CVE-2014-6270

Description

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

How to fix CVE-2014-6270

To remediate CVE-2014-6270, upgrade the affected package to a fixed version below.

• Debian/squid—upgrade to 4.1-1 or later

Is CVE-2014-6270 being exploited?

Moderate — EPSS is 18.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 4.1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-6270