605
VMScore

CVE-2016-4052

Published: 25/04/2016 Updated: 30/11/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple stack-based buffer overflows in Squid 3.x prior to 3.5.17 and 4.x prior to 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.10

canonical ubuntu linux 16.04

squid-cache squid 3.0

squid-cache squid 3.1

squid-cache squid 3.1.0.1

squid-cache squid 3.1.0.2

squid-cache squid 3.1.0.3

squid-cache squid 3.1.0.4

squid-cache squid 3.1.0.5

squid-cache squid 3.1.0.6

squid-cache squid 3.1.0.7

squid-cache squid 3.1.0.8

squid-cache squid 3.1.0.9

squid-cache squid 3.1.0.10

squid-cache squid 3.1.0.11

squid-cache squid 3.1.0.12

squid-cache squid 3.1.0.13

squid-cache squid 3.1.0.14

squid-cache squid 3.1.0.15

squid-cache squid 3.1.0.16

squid-cache squid 3.1.0.17

squid-cache squid 3.1.0.18

squid-cache squid 3.1.1

squid-cache squid 3.1.2

squid-cache squid 3.1.3

squid-cache squid 3.1.4

squid-cache squid 3.1.5

squid-cache squid 3.1.5.1

squid-cache squid 3.1.6

squid-cache squid 3.1.7

squid-cache squid 3.1.8

squid-cache squid 3.1.9

squid-cache squid 3.1.10

squid-cache squid 3.1.11

squid-cache squid 3.1.12

squid-cache squid 3.1.12.1

squid-cache squid 3.1.12.2

squid-cache squid 3.1.12.3

squid-cache squid 3.1.13

squid-cache squid 3.1.14

squid-cache squid 3.1.15

squid-cache squid 3.1.16

squid-cache squid 3.1.17

squid-cache squid 3.1.18

squid-cache squid 3.1.19

squid-cache squid 3.1.20

squid-cache squid 3.1.21

squid-cache squid 3.1.22

squid-cache squid 3.2.0.1

squid-cache squid 3.2.0.2

squid-cache squid 3.2.0.3

squid-cache squid 3.2.0.4

squid-cache squid 3.2.0.5

squid-cache squid 3.2.0.6

squid-cache squid 3.2.0.7

squid-cache squid 3.2.0.8

squid-cache squid 3.2.0.9

squid-cache squid 3.2.0.10

squid-cache squid 3.2.0.11

squid-cache squid 3.2.0.12

squid-cache squid 3.2.0.13

squid-cache squid 3.2.0.14

squid-cache squid 3.2.0.15

squid-cache squid 3.2.0.16

squid-cache squid 3.2.0.17

squid-cache squid 3.2.0.18

squid-cache squid 3.2.0.19

squid-cache squid 3.2.1

squid-cache squid 3.2.2

squid-cache squid 3.2.3

squid-cache squid 3.2.4

squid-cache squid 3.2.5

squid-cache squid 3.2.6

squid-cache squid 3.2.7

squid-cache squid 3.2.8

squid-cache squid 3.2.9

squid-cache squid 3.2.10

squid-cache squid 3.2.11

squid-cache squid 3.2.12

squid-cache squid 3.2.13

squid-cache squid 3.3.0

squid-cache squid 3.3.0.1

squid-cache squid 3.3.0.2

squid-cache squid 3.3.0.3

squid-cache squid 3.3.1

squid-cache squid 3.3.2

squid-cache squid 3.3.3

squid-cache squid 3.3.4

squid-cache squid 3.3.5

squid-cache squid 3.3.6

squid-cache squid 3.3.7

squid-cache squid 3.3.8

squid-cache squid 3.3.9

squid-cache squid 3.3.10

squid-cache squid 3.3.11

squid-cache squid 3.3.12

squid-cache squid 3.3.13

squid-cache squid 3.3.14

squid-cache squid 3.4.0.1

squid-cache squid 3.4.0.2

squid-cache squid 3.4.0.3

squid-cache squid 3.4.1

squid-cache squid 3.4.2

squid-cache squid 3.4.3

squid-cache squid 3.4.4

squid-cache squid 3.4.4.1

squid-cache squid 3.4.4.2

squid-cache squid 3.4.8

squid-cache squid 3.4.9

squid-cache squid 3.4.10

squid-cache squid 3.4.11

squid-cache squid 3.4.12

squid-cache squid 3.4.13

squid-cache squid 3.4.14

squid-cache squid 3.5.0.1

squid-cache squid 3.5.0.2

squid-cache squid 3.5.0.3

squid-cache squid 3.5.0.4

squid-cache squid 3.5.1

squid-cache squid 3.5.2

squid-cache squid 3.5.3

squid-cache squid 3.5.4

squid-cache squid 3.5.5

squid-cache squid 3.5.6

squid-cache squid 3.5.7

squid-cache squid 3.5.8

squid-cache squid 3.5.9

squid-cache squid 3.5.10

squid-cache squid 3.5.11

squid-cache squid 3.5.12

squid-cache squid 3.5.13

squid-cache squid 3.5.14

squid-cache squid 3.5.15

squid-cache squid 3.5.16

squid-cache squid 4.0.1

squid-cache squid 4.0.2

squid-cache squid 4.0.3

squid-cache squid 4.0.4

squid-cache squid 4.0.5

squid-cache squid 4.0.6

squid-cache squid 4.0.7

squid-cache squid 4.0.8

Vendor Advisories

Buffer overflow and input validation flaws were found in the way Squid processed ESI responses If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the us ...
Several security issues were fixed in Squid ...
Several security issues have been discovered in the Squid caching proxy CVE-2016-4051: CESG and Yuriy M Kaminskiy discovered that Squid cachemgrcgi was vulnerable to a buffer overflow when processing remotely supplied inputs relayed through Squid CVE-2016-4052: CESG discovered that a buffer overflow made Squid vulnerable to a ...
A buffer overflow flaw was found in the way the Squid cachemgrcgi utility processed remotely relayed Squid input When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code (CVE-2016-4051 ) Buffer overflow and input validation flaws were found in the way Squid processed ESI responses If Squid ...
Oracle Critical Patch Update Advisory - July 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
Oracle Linux Bulletin - April 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are release ...