CVE-2016-2569

Опубликовано: 24 фев. 2016

Источник: redhat

CVSS2: 5

EPSS Средний

Описание

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	squid	Will not fix
Red Hat Enterprise Linux 6	squid	Will not fix
Red Hat Enterprise Linux 6	squid34	Will not fix
Red Hat Enterprise Linux 7	squid	Fixed	RHSA-2016:2600	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-617

https://bugzilla.redhat.com/show_bug.cgi?id=1312257squid: some code paths fail to check bounds in string object

EPSS

Процентиль: 98%

0.65757

Средний

5 Medium

CVSS2

Связанные уязвимости

CVE-2016-2569

CVSS3: 7.5

ubuntu

больше 9 лет назад

CVE-2016-2569

CVSS3: 7.5

nvd

больше 9 лет назад

CVE-2016-2569

CVSS3: 7.5

debian

больше 9 лет назад

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...

GHSA-6gm6-3v5f-xfhg

CVSS3: 7.5

github

больше 3 лет назад

BDU:2016-00733

fstec

больше 9 лет назад

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 98%

0.65757

Средний

5 Medium

CVSS2