Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Squid has issues in ICP message handling
Vulnerability Description
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
Squid 安全漏洞
Vulnerability Description
Squid是Squid开源的一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。 Squid 7.5之前版本存在安全漏洞,该漏洞源于输入验证不当,可能导致处理ICP流量时发生越界读取。
CVSS Information
N/A
Vulnerability Type
N/A