Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-2569

Опубликовано: 27 фев. 2016
Источник: debian
EPSS Средний

Описание

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
squid3fixed3.5.15-1package
squid3no-dsawheezypackage
squidnot-affectedpackage

Примечания

  • http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

  • http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch

  • http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13998.patch

  • http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13999.patch

  • http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch

  • Upstream confirmed it does not affect squid 2.7.x

EPSS

Процентиль: 98%
0.65757
Средний

Связанные уязвимости

ubuntu логотип

CVE-2016-2569

CVSS3: 7.5
ubuntu
больше 9 лет назад

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

redhat логотип

CVE-2016-2569

redhat
больше 9 лет назад

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

nvd логотип

CVE-2016-2569

CVSS3: 7.5
nvd
больше 9 лет назад

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

github логотип

GHSA-6gm6-3v5f-xfhg

CVSS3: 7.5
github
больше 3 лет назад

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

fstec логотип

BDU:2016-00733

fstec
больше 9 лет назад

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 98%
0.65757
Средний
Уязвимость CVE-2016-2569