Описание
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 3.5.23-5ubuntu1 |
| devel | not-affected | 3.5.23-5ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored] |
| esm-infra/xenial | released | 3.5.12-1ubuntu7.5 |
| precise | ignored | |
| precise/esm | ignored | |
| trusty | ignored | |
| trusty/esm | DNE | trusty was ignored |
| upstream | released | 3.5.15, 4.0.7 |
| vivid/stable-phone-overlay | DNE |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
Уязвимость прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5 Medium
CVSS2
7.5 High
CVSS3