{"api_version":"1","generated_at":"2026-04-23T04:33:31+00:00","cve":"CVE-2020-8517","urls":{"html":"https://cve.report/CVE-2020-8517","api":"https://cve.report/api/cve/CVE-2020-8517.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-8517","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-8517"},"summary":{"title":"CVE-2020-8517","description":"An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-02-04 20:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-20","CWE-787"],"metrics":[],"references":[{"url":"https://security.netapp.com/advisory/ntap-20210304-0002/","name":"https://security.netapp.com/advisory/ntap-20210304-0002/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"February 2020 Squid Vulnerabilities in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html","name":"openSUSE-SU-2020:0623","refsource":"SUSE","tags":["Mailing List","Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2020:0623-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202003-34","name":"GLSA-202003-34","refsource":"GENTOO","tags":["Third Party Advisory"],"title":"Squid: Multiple vulnerabilities (GLSA 202003-34) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.squid-cache.org/Advisories/SQUID-2020_3.txt","name":"http://www.squid-cache.org/Advisories/SQUID-2020_3.txt","refsource":"MISC","tags":["Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4289-1/","name":"USN-4289-1","refsource":"UBUNTU","tags":["Third Party Advisory"],"title":"USN-4289-1: Squid vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html","name":"openSUSE-SU-2020:0307","refsource":"SUSE","tags":["Mailing List","Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2020:0307-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch","name":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/x-diff","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html","name":"openSUSE-SU-2020:0606","refsource":"SUSE","tags":["Mailing List","Third Party Advisory"],"title":"[security-announce] openSUSE-SU-2020:0606-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-8517","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8517","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"opensuse","cpe5":"leap","cpe6":"15.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"squid-cache","cpe5":"squid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"8517","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"squid-cache","cpe5":"squid","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-8517","qid":"296075","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 21.69.0 Missing (CPUAPR2020)"},{"cve":"CVE-2020-8517","qid":"355323","title":"Amazon Linux Security Advisory for squid : ALAS2-2023-2062"},{"cve":"CVE-2020-8517","qid":"355430","title":"Amazon Linux Security Advisory for squid : ALAS-2023-1766"},{"cve":"CVE-2020-8517","qid":"500658","title":"Alpine Linux Security Update for squid"},{"cve":"CVE-2020-8517","qid":"504427","title":"Alpine Linux Security Update for squid"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-8517","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"http://www.squid-cache.org/Advisories/SQUID-2020_3.txt","refsource":"MISC","name":"http://www.squid-cache.org/Advisories/SQUID-2020_3.txt"},{"url":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch","refsource":"MISC","name":"http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch"},{"refsource":"UBUNTU","name":"USN-4289-1","url":"https://usn.ubuntu.com/4289-1/"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0307","url":"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"},{"refsource":"GENTOO","name":"GLSA-202003-34","url":"https://security.gentoo.org/glsa/202003-34"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0606","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"},{"refsource":"SUSE","name":"openSUSE-SU-2020:0623","url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20210304-0002/","url":"https://security.netapp.com/advisory/ntap-20210304-0002/"}]}},"nvd":{"publishedDate":"2020-02-04 20:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-20","CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionEndExcluding":"4.10","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"8517","Ordinal":"168856","Title":"CVE-2020-8517","CVE":"CVE-2020-8517","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"8517","Ordinal":"1","NoteData":"An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"8517","Ordinal":"2","NoteData":"2020-02-04","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"8517","Ordinal":"3","NoteData":"2021-03-04","Type":"Other","Title":"Modified"}]}}}