Vulnerability Change Records for CVE-2016-3947

Change History

Modified Analysis 4/11/2016 9:30:12 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*
          *cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*
          *cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*
          *cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*
          *cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*
          *cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*
          *cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*
          *cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:* (and previous)
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Added CVSS V3

								
							
							
						
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Added CWE

								
							
							
						
CWE-119
Changed Reference Type
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt No Types Assigned
http://www.squid-cache.org/Advisories/SQUID-2016_3.txt Advisory
Changed Reference Type
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch No Types Assigned
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch Patch
Changed Reference Type
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch No Types Assigned
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch Advisory, Patch, US Govt Resource
Changed Reference Type
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch No Types Assigned
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch Patch
Changed Reference Type
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch No Types Assigned
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch Patch
Changed Reference Type
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch No Types Assigned
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch Patch

CVE Modified by MITRE 11/28/2016 3:14:19 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html [No Types Assigned]
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201607-01 [No Types Assigned]

CVE Modified by Source 6/20/2016 9:59:42 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.ubuntu.com/usn/USN-2995-1

CVE Modified by Source 6/16/2016 10:4:36 PM

Action Type Old Value New Value
Changed Description
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

Initial CVE Analysis 4/08/2016 12:36:26 PM

Action Type Old Value New Value

CVE Translated 6/17/2016 7:45:01 AM

Action Type Old Value New Value
Added Translation

								
							
							
						
Desbordamiento de buffer basado en memoria dinámica en la función Icmp6::Recv en icmp/Icmp6.cc en la utilidad pinger en Squid en versiones anteriores a 3.5.16 y 4.x en versiones anteriores a 4.0.8 permite a servidores remotos provocar una denegación de servicio (degradación de rendimiento o fallos de transición) o escribir información sensible en archivos de registro a través de un paquete ICMPv6.
Removed Translation
Desbordamiento de buffer basado en memoria dinámica en la función Icmp6::Recv en icmp/Icmp6.cc en el pinger en Squid en versiones anteriores a 3.5.16 y 4.x en versiones anteriores a 4.0.8 permite a servidores remotos provocar una denegación de servicio (degradación de rendimiento o fallos de transición) o escribir información sensible en archivos de registro a través de un paquete ICMPv6.