Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2570

Опубликовано: 24 фев. 2016
Источник: redhat
CVSS2: 5
EPSS Средний

Описание

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.

Отчет

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5squidWill not fix
Red Hat Enterprise Linux 6squidWill not fix
Red Hat Enterprise Linux 6squid34Will not fix
Red Hat Enterprise Linux 7squidFixedRHSA-2016:260003.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-617
https://bugzilla.redhat.com/show_bug.cgi?id=1312257squid: some code paths fail to check bounds in string object

EPSS

Процентиль: 93%
0.10072
Средний

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2570

CVSS3: 7.5
ubuntu
почти 10 лет назад

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

nvd логотип

CVE-2016-2570

CVSS3: 7.5
nvd
почти 10 лет назад

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

debian логотип

CVE-2016-2570

CVSS3: 7.5
debian
почти 10 лет назад

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...

github логотип

GHSA-xwvc-2x67-786x

CVSS3: 7.5
github
больше 3 лет назад

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

fstec логотип

BDU:2016-00732

fstec
почти 10 лет назад

Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 93%
0.10072
Средний

5 Medium

CVSS2