Strix
26.1K

CVE-2014-6270

UnknownEPSS 23.32%

Last modified

CVE-2014-6270 is a vulnerability of currently unknown severity. Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.. EPSS estimates a 23.32% chance of exploitation in the next 30 days.

Description

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Metrics

EPSS Probability
23.32%

97.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Squid-CacheSquid2.4.stable1
Squid-CacheSquid2.4.stable2
Squid-CacheSquid2.4.stable3
Squid-CacheSquid2.4.stable4
Squid-CacheSquid2.4.stable5
Squid-CacheSquid2.4.stable6
Squid-CacheSquid2.4.stable7
Squid-CacheSquid2.5.stable1
Squid-CacheSquid2.5.stable2
Squid-CacheSquid2.5.stable3
Squid-CacheSquid2.5.stable4
Squid-CacheSquid2.5.stable5
Squid-CacheSquid2.5.stable6
Squid-CacheSquid2.5.stable7
Squid-CacheSquid2.5.stable8
Squid-CacheSquid2.5.stable9
Squid-CacheSquid2.5.stable10
Squid-CacheSquid2.5.stable11
Squid-CacheSquid2.5.stable12
Squid-CacheSquid2.5.stable13
Squid-CacheSquid2.5.stable14
Squid-CacheSquid2.6.stable1
Squid-CacheSquid2.6.stable2
Squid-CacheSquid2.6.stable3
Squid-CacheSquid2.6.stable4
Squid-CacheSquid2.6.stable5
Squid-CacheSquid2.6.stable6
Squid-CacheSquid2.6.stable7
Squid-CacheSquid2.6.stable8
Squid-CacheSquid2.6.stable9
Squid-CacheSquid2.6.stable10
Squid-CacheSquid2.6.stable11
Squid-CacheSquid2.6.stable12
Squid-CacheSquid2.6.stable13
Squid-CacheSquid2.6.stable14
Squid-CacheSquid2.6.stable15
Squid-CacheSquid2.6.stable16
Squid-CacheSquid2.6.stable17
Squid-CacheSquid2.6.stable18
Squid-CacheSquid2.6.stable19
Squid-CacheSquid2.6.stable20
Squid-CacheSquid2.6.stable21
Squid-CacheSquid2.6.stable22
Squid-CacheSquid2.6.stable23
Squid-CacheSquid2.7.stable1
Squid-CacheSquid2.7.stable2
Squid-CacheSquid2.7.stable3
Squid-CacheSquid2.7.stable4
Squid-CacheSquid2.7.stable5
Squid-CacheSquid2.7.stable6

Showing 50 of 171 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-6270?
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
How severe is CVE-2014-6270?
Severity scoring for CVE-2014-6270 is pending analysis. The EPSS model estimates a 23.32% probability of exploitation in the next 30 days.
How do I fix CVE-2014-6270?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-6270?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST