Описание
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05822
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 9 лет назад
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
redhat
больше 9 лет назад
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
CVSS3: 7.5
debian
больше 9 лет назад
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...
CVSS3: 7.5
github
больше 3 лет назад
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
fstec
больше 9 лет назад
Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
Процентиль: 90%
0.05822
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-20