#VU25017 Input validation error in Squid - CVE-2020-8449

Vulnerability identifier: #VU25017

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-8449

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Squid
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Squid-cache.org

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input when processing HTTP requests. A remote attacker can send a specially crafted HTTP request, bypass configured security filters and gain access to certain server resources.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Squid: 2.0.release - 2.0.patch2, 2.1.release - 2.1.pre4, 2.2.stable1 - 2.2.pre2, 2.3.stable1 - 2.3.devel3, 2.4.stable1 - 2.4_9, 2.5.stable1 - 2.5.9, 2.6.stable1 - 2.6.stable6, 2.7.stable1 - 2.7.STABLE9, 3.0.stable1 - 3.5.28, 4.0.1 - 4.9

---

External links
https://www.squid-cache.org/Advisories/SQUID-2020_1.txt
https://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch
https://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch
https://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch
https://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch
https://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.