CVE-2016-2569

Опубликовано: 24 фев. 2016

Источник: redhat

CVSS2: 5

Описание

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	squid	Will not fix
Red Hat Enterprise Linux 6	squid	Will not fix
Red Hat Enterprise Linux 6	squid34	Will not fix
Red Hat Enterprise Linux 7	squid	Fixed	RHSA-2016:2600	03.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-617

https://bugzilla.redhat.com/show_bug.cgi?id=1312257squid: some code paths fail to check bounds in string object

5 Medium

CVSS2

Связанные уязвимости

CVE-2016-2569

CVSS3: 7.5

ubuntu

почти 10 лет назад

CVE-2016-2569

CVSS3: 7.5

nvd

почти 10 лет назад

CVE-2016-2569

CVSS3: 7.5

debian

почти 10 лет назад

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...

GHSA-6gm6-3v5f-xfhg

CVSS3: 7.5

github

больше 3 лет назад

BDU:2016-00733

fstec

почти 10 лет назад

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

5 Medium

CVSS2