CVE-2018-1172

Опубликовано: 16 мая 2018

Источник: ubuntu

Приоритет: low

CVSS2: 4.3

CVSS3: 5.9

Описание

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	not built with --with-openssl
cosmic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [not built with --with-openssl]]
esm-infra/bionic	not-affected	not built with --with-openssl
esm-infra/xenial	not-affected	not built with --with-openssl
precise/esm	not-affected	not built with --with-openssl
trusty	not-affected	not built with --with-openssl
trusty/esm	DNE	trusty was not-affected [not built with --with-openssl]

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2018-1172

CVSS3: 5.9

redhat

почти 8 лет назад

CVE-2018-1172

CVSS3: 5.9

nvd

больше 7 лет назад

CVE-2018-1172

CVSS3: 5.9

debian

больше 7 лет назад

This vulnerability allows remote attackers to deny service on vulnerab ...

openSUSE-SU-2018:1135-1

suse-cvrf

почти 8 лет назад

Security update for squid

SUSE-SU-2018:1365-1

suse-cvrf

больше 7 лет назад

Security update for squid3

4.3 Medium

CVSS2

5.9 Medium

CVSS3

CVE-2018-1172

Описание

Пакет squid3

Ссылки на источники

Связанные уязвимости