CVE-2016-4054

Опубликовано: 25 апр. 2016

Источник: debian

EPSS Средний

Описание

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
squid3	fixed	3.5.17-1		package
squid	not-affected			package

Примечания

http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)

EPSS

Процентиль: 98%

0.6095

Средний

Связанные уязвимости

CVE-2016-4054

CVSS3: 8.1

ubuntu

больше 9 лет назад

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

CVE-2016-4054

redhat

больше 9 лет назад

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

CVE-2016-4054

CVSS3: 8.1

nvd

больше 9 лет назад

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

GHSA-4qf5-r4mp-pqp5

CVSS3: 8.1

github

больше 3 лет назад

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

ELSA-2016-1138

oracle-oval

больше 9 лет назад

ELSA-2016-1138: squid security update (MODERATE)

EPSS

Процентиль: 98%

0.6095

Средний