Wiz
Vulnerability DatabaseCVE-2020-4082

CVE-2020-4082
NixOS vulnerability analysis and mitigation

Overview

A security update was released for Squid, a high-performance proxy caching server for web clients. The update addresses multiple vulnerabilities discovered in 2020, including HTTP Request Smuggling, HTTP Request Splitting, and Information Disclosure issues (Red Hat Advisory).

Technical details

The vulnerability affects Squid version 3.5.20 and includes multiple security issues: HTTP Request Smuggling (CVE-2020-15810), HTTP Request Splitting (CVE-2020-15811), Information Disclosure in FTP Gateway (CVE-2019-12528), Improper input validation in HTTP Request processing (CVE-2020-8449), Buffer overflow in reverse-proxy configurations (CVE-2020-8450), Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049), and Improper input validation leading to DoS (CVE-2020-24606) (Red Hat Advisory).

Impact

The vulnerabilities could result in cache poisoning, information disclosure, buffer overflow in reverse-proxy configurations, and denial of service conditions (Red Hat Advisory).

Mitigation and workarounds

Red Hat has released security updates to address these vulnerabilities. After installing the update, the squid service will be restarted automatically. The fix is available through package update squid-3.5.20-17.el7_9.4 for affected systems (Red Hat Advisory).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-22783HIGH8.1
  • NixOSNixOS
  • iris
NoYesJan 12, 2026
CVE-2026-0821MEDIUM6.9
  • NixOSNixOS
  • quickjs
NoNoJan 10, 2026
CVE-2025-68949MEDIUM5.3
  • NixOSNixOS
  • n8n
NoYesJan 13, 2026
CVE-2026-22784LOW2.3
  • NixOSNixOS
  • lychee
NoYesJan 12, 2026
CVE-2026-23497LOW1.3
  • NixOSNixOS
  • learning
NoYesJan 14, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo