[Secure-testing-team] Bug#760999: squid3: pinger remote DoS
Salvatore Bonaccorso
carnil at debian.org
Tue Sep 9 18:53:08 UTC 2014
Source: squid3
Version: 3.1.6-1.2
Severity: normal
Tags: security upstream patch
Hi
See [1] for a remote DoS reported by Sebastian Krahmer.
[1] https://bugzilla.novell.com/show_bug.cgi?id=891268
> The pinger code that checks for nodes being alive doesn't
> properly validate ICMP and ICMPv6 replies, in particular
> icmp6 types which are used to index into a string array.
> This could cause crashes when the index is OOB.
[...]
No CVE is assigned yet for this issue.
Regards,
Salvatore
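
The kind of check the quoted report says is missing, as an added C example that is not Squid's pinger code and not part of the original message. The name table, constants and function names are assumptions for illustration; the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical name table (not Squid's): entry i names ICMPv6 type 128 + i. */
#define ICMP6_INFO_BASE 128u
#define ICMP6_HDR_LEN   4u   /* type, code, 16-bit checksum */
static const char *const icmp6_names[] = {
    "Echo Request", "Echo Reply",                       /* 128, 129 */
    "Multicast Listener Query", "Multicast Listener Report",
    "Multicast Listener Done",                          /* 130-132 */
    "Router Solicitation", "Router Advertisement",      /* 133, 134 */
    "Neighbor Solicitation", "Neighbor Advertisement",  /* 135, 136 */
    "Redirect"                                          /* 137 */
};
#define ICMP6_NAME_COUNT (sizeof(icmp6_names) / sizeof(icmp6_names[0]))
static const char *const icmp6_unknown = "Unknown";

/* Map a type byte taken from the network to a name. Any value outside
 * the table gets the fallback instead of an out-of-bounds read. */
const char *icmp6_type_name(uint8_t type)
{
    if (type < ICMP6_INFO_BASE)
        return icmp6_unknown;
    size_t idx = (size_t)type - ICMP6_INFO_BASE;
    return idx < ICMP6_NAME_COUNT ? icmp6_names[idx] : icmp6_unknown;
}

/* Check the received length before reading the header; NULL means truncated. */
const char *icmp6_reply_name(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < ICMP6_HDR_LEN)
        return NULL;
    return icmp6_type_name(pkt[0]);
}

int main(void)
{
    /* Constructed sample replies: echo reply, type outside the table, truncated. */
    const uint8_t echo_reply[] = { 129, 0, 0x00, 0x00 };
    const uint8_t odd_type[]   = { 200, 0, 0x00, 0x00 };
    const uint8_t truncated[]  = { 129, 0 };
    const char *t = icmp6_reply_name(truncated, sizeof(truncated));

    printf("%s\n", icmp6_reply_name(echo_reply, sizeof(echo_reply)));
    printf("%s\n", icmp6_reply_name(odd_type, sizeof(odd_type)));
    printf("%s\n", t ? t : "(truncated, dropped)");
    return 0;
}
```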