Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-2570

Опубликовано: 27 фев. 2016
Источник: debian

Описание

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
squid3fixed3.5.15-1package
squid3no-dsawheezypackage
squidnot-affectedpackage

Примечания

  • http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

  • http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch

  • http://bugs.squid-cache.org/show_bug.cgi?id=3870

  • http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch

  • Upstream confirmed it does not affect squid 2.7.x

  • It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).

Связанные уязвимости

ubuntu логотип

CVE-2016-2570

CVSS3: 7.5
ubuntu
почти 10 лет назад

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

redhat логотип

CVE-2016-2570

redhat
почти 10 лет назад

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

nvd логотип

CVE-2016-2570

CVSS3: 7.5
nvd
почти 10 лет назад

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

github логотип

GHSA-xwvc-2x67-786x

CVSS3: 7.5
github
больше 3 лет назад

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

fstec логотип

BDU:2016-00732

fstec
почти 10 лет назад

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании