CVE-2016-2569
Published 2016-02-27
CVSS 3.0: 7.5 (High)
EPSS: 31.41% (98.1th percentile)
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
Affected
134 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | — | — |
| squid-cache | squid | — | — |
Detection & IOCs (extracted from sources)
- Trigger vector is a crafted HTTP response from a remote server containing an oversized HTTP Vary header that exceeds the 64KB String object limit in Squid, causing an assertion failure and daemon exit.
- The vulnerability is in Squid's String object class which has a 64KB content limit; monitor for assertion failures in squid processes when handling HTTP responses with abnormally large headers.
- A malicious HTTP server (not client) triggers the crash; detection should focus on inbound HTTP responses to the proxy containing oversized header values, particularly the Vary header.
- Affected versions are Squid 3.x before 3.5.15 and 4.x before 4.0.7; the vulnerability is not exploitable from arbitrary clients but requires a controlled or malicious upstream HTTP server.
- CVE-2016-2570 is a related variant of the same root cause but is noted by upstream as not triggerable from outside a controlled CDN environment.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
Ubuntu: Squid regression [HIGH]
vendor_ubuntu · 2022-12-12 · CVSS 7.5
Summary: USN-3557-1 introduced a regression in Squid.
USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression
which could cause the cache log to be filled with many Vary loop messages. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This is
Ubuntu: Squid vulnerabilities [HIGH]
vendor_ubuntu · 2018-02-05 · CVSS 7.5
Summary: Several security issues were fixed in Squid.
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This
Red Hat: squid: some code paths fail to check bounds in string object [HIGH] CWE-617
vendor_redhat · 2016-02-24 · CVSS 7.5
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.
For additional information, refer to the Issue Severity Classification: https://access.r
Debian: CVE-2016-2569: squid [HIGH]
vendor_debian · 2016 · CVSS 7.5
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
OSV: squid3 regression [HIGH]
osv · 2022-12-12 · CVSS 7.5
USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression
which could cause the cache log to be filled with many Vary loop messages. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
GHSA: GHSA-6gm6-3v5f-xfhg: Squid 3 [HIGH] CWE-20
ghsa_unreviewed · 2022-05-14
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
OSV: squid3 vulnerabilities [HIGH]
osv · 2018-02-05 · CVSS 7.5
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This issue only applied to Ubuntu 16.04
LTS. (CVE-2016-2571)
Sant
OSV: CVE-2016-2569: Squid 3 [HIGH]
osv · 2016-02-27 · CVSS 7.5
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
No detection rules found.
No public exploits indexed.
Bugzilla: CVE-2016-3623 libtiff: divide by zero in the rgb2ycybr tool [HIGH]
bugzilla · 2016-04-08 · CVSS 7.5
Division by zero vulnerability was found in cvtRaster function in rgb2ycybr.c, allowing attacker to cause a denial of service via a crafted TIFF image.
Public via:
http://seclists.org/oss-sec/2016/q2/27
Discussion:
Acknowledgments:
Name: Mei Wang (Qihoo 360)
---
The division by zero (which is hardly a security issue already) is caused by passing the zero/0 as a command line parameter. I can't think of a reasonable scenario where this would be any different from shooting yourself in the foot. Thus, I'm not convinced of the security impact.
---
External References:
http://bugzilla.maptools.org/show_bug.cgi?id=2569
---
Statement:
Red Hat Product Security determined that this flaw was not a security vulnerability. See th
Bugzilla: CVE-2016-2569 CVE-2016-2570 CVE-2016-2571 CVE-2016-2572 squid: SQUID-2016_2 advisory, multiple DoS issues [fedora-all] [HIGH]
bugzilla · 2016-02-26 · CVSS 7.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue
Bugzilla: CVE-2016-2569 CVE-2016-2570 squid: some code paths fail to check bounds in string object [HIGH]
bugzilla · 2016-02-26 · CVSS 7.5
The proxy contains a String object class with 64KB content limits.
Some code paths do not bounds check before appending to these String
objects, and an overflow leads to an assertion which terminates all client
transactions using the proxy, including those unrelated to the limit
being exceeded.
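As an added illustration of the root cause described here and in the Detection & IOCs notes above (not Squid's code and not part of any quoted advisory): a simplified bounded-string model with the grow-then-assert pattern beside a check-before-grow append, plus a Vary-line joiner that refuses one oversized response instead of taking the daemon down. The 64KB limit is the figure quoted in the advisory; the class and function names, and the exception standing in for assert(), are assumptions of this example.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Simplified stand-in for the proxy's String class, not Squid's real code.
// The 64KB limit is the figure quoted in the advisory text.
static const std::size_t kMaxStringLen = 64 * 1024;
// Stand-in for the assertion: a real assert() aborts the daemon, here it
// throws so the outcome can be observed in-process.
struct AssertionFailure : std::logic_error { using std::logic_error::logic_error; };
class BoundedString {
public:
    // Vulnerable pattern: grow first, check the invariant afterwards.
    void appendUnchecked(const std::string& piece) {
        buf_ += piece;
        if (buf_.size() > kMaxStringLen) throw AssertionFailure("String too long");
    }
    // Fixed pattern: check before growing; on failure the buffer is untouched.
    bool appendChecked(const std::string& piece) {
        if (buf_.size() > kMaxStringLen || piece.size() > kMaxStringLen - buf_.size())
            return false;  // the subtraction cannot wrap because of the first test
        buf_ += piece;
        return true;
    }
    std::size_t size() const { return buf_.size(); }
private:
    std::string buf_;
};

// Joins repeated Vary lines with ", " (HTTP list-header semantics) through the
// checked append; lines that are each small can still exceed the limit once joined.
bool joinVaryHeader(const std::vector<std::string>& lines, BoundedString& out) {
    for (std::size_t i = 0; i < lines.size(); ++i) {
        if (i > 0 && !out.appendChecked(", ")) return false;
        if (!out.appendChecked(lines[i])) return false;
    }
    return true;
}
// Same input through the vulnerable path; true if the assertion stand-in fired.
bool uncheckedPathAsserts(const std::vector<std::string>& lines) {
    BoundedString s;
    try {
        for (std::size_t i = 0; i < lines.size(); ++i) {
            if (i > 0) s.appendUnchecked(", ");
            s.appendUnchecked(lines[i]);
        }
    } catch (const AssertionFailure&) { return true; }
    return false;
}
```

A caller that gets false from joinVaryHeader can discard that single response, which is the behaviour the bounds-checked path buys over the assertion.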
Upstream patches:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
External references:
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
CVE assignment:
http://seclists.org/oss-sec/2016/q1/442
Discussion:
Added CVE 2016-2570, as it relates to other patches for the same issue.
Upstream comment about this:
This pa
References
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
- http://rhn.redhat.com/errata/RHSA-2016-2600.html
- http://www.openwall.com/lists/oss-security/2016/02/26/2
- http://www.securitytracker.com/id/1035101
- http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
- http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
- https://security.gentoo.org/glsa/201607-01
- https://usn.ubuntu.com/3557-1/