Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 536276 - <net-proxy/squid-3.5.10: Heap-based buffer overflow vulnerability (CVE-2014-6270)
Summary: <net-proxy/squid-3.5.10: Heap-based buffer overflow vulnerability (CVE-2014-6...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Depends on:
Reported: 2015-01-11 02:17 UTC by GLSAMaker/CVETool Bot
Modified: 2016-07-09 01:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 02:17:26 UTC
CVE-2014-6270 (
  Off-by-one error in the snmpHandleUdp function in in Squid 2.x
  and 3.x, when an SNMP port is configured, allows remote attackers to cause a
  denial of service (crash) or possibly execute arbitrary code via a crafted
  UDP SNMP request, which triggers a heap-based buffer overflow.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-04-05 07:35:26 UTC
Original Advisory:

Upstream commits fixing the issue:

The issue was fixed in >=net-proxy/squid-3.4.8.

Assigned to existing GLSA.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2016-07-09 01:51:57 UTC
This issue was resolved and addressed in
 GLSA 201607-01 at
by GLSA coordinator Aaron Bauman (b-man).