
CVE-2018-1000024

Published: 09/02/2018 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to 3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. The attack appears to be exploitable when a remote server delivers an HTTP response payload containing valid but unusual ESI syntax. The vulnerability appears to have been fixed in 4.0.23 and later.

Vulnerable Product

squid-cache squid

debian debian linux 9.0

debian debian linux 8.0

debian debian linux 7.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

Vendor Advisories

Synopsis: Moderate: squid security and bug fix update. Type/Severity: Security Advisory: Moderate. Topic: An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Several vulnerabilities have been discovered in Squid3, a fully featured web proxy cache. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2018-1000024: Louis Dion-Marcil discovered that Squid does not properly handle processing of certain ESI responses. A remote server delivering certain ESI respons ...
Several security issues were fixed in Squid ...
Several security issues were fixed in Squid ...
USN-3557-1 introduced a regression in Squid ...
Debian Bug report logs - #888719: squid3: CVE-2018-1000024: SQUID-2018:1 Denial of Service issue in ESI Response processing. Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Jan 2018 05:57:01 UTC; Severity: important ...
Debian Bug report logs - #888720: squid3: CVE-2018-1000027: SQUID-2018:2 Denial of Service issue in HTTP Message processing. Package: src:squid3; Maintainer for src:squid3 is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Jan 2018 05:57:04 UTC; Severity: important ...
The Squid Software Foundation Squid HTTP Caching Proxy contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP r ...
The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to 3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable when a remote server delivers an HTTP response payload containing valid bu ...