CVE-2016-3948
Published 2016-04-07
Priority: P3 · 46 · high · CVSS 3.0: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 35.27% (98.2nd percentile)
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
Affected
153 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 4.1-1 (bookworm) | squid 4.1-1 (bookworm) |
| squid-cache | squid | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via a crafted HTTP response containing a malformed Vary header, causing an assertion failure (DoS) in Squid. Monitor for unexpected Squid process crashes or assertion failures originating from HTTP response processing.
- Refer to the upstream patch for the specific bounds-check code change to build a targeted detection or integrity check: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
- Refer to the Squid advisory SQUID-2016_4.txt for additional technical details on the attack vector.
- Affected versions are Squid 3.x before 3.5.16 and 4.x before 4.0.8. Squid on Red Hat Enterprise Linux 5 is not affected; RHEL 6 packages (squid, squid34) are 'Will not fix'.
- The attack is initiated by a malicious upstream HTTP server (not a client), so the threat actor must control or compromise a server that Squid is proxying to.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |
Ubuntu
Squid regression
vendor_ubuntu · 2022-12-12 · CVSS 7.5 · [HIGH]
Summary: USN-3557-1 introduced a regression in Squid.
USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression
which could cause the cache log to be filled with many Vary loop messages. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This is
Ubuntu
Squid vulnerabilities
vendor_ubuntu · 2018-02-05 · CVSS 7.5 · CVE-2016-2569 [HIGH]
Summary: Several security issues were fixed in Squid.
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This
Red Hat
squid: denial of service issue in HTTP response processing
vendor_redhat · 2016-04-01 · CVSS 7.5 · CVE-2016-3948 [HIGH] · CWE-617
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
An incorrect boundary check was found in the way squid handled the Vary header in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response.
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Debian
CVE-2016-3948: squid - Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking,...
vendor_debian · 2016 · CVSS 7.5 · CVE-2016-3948 [HIGH]
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
Scope: local
bookworm: resolved (fixed in 4.1-1)
bullseye: resolved (fixed in 4.1-1)
forky: resolved (fixed in 4.1-1)
sid: resolved (fixed in 4.1-1)
trixie: resolved (fixed in 4.1-1)
OSV
squid3 regression
osv · 2022-12-12 · CVSS 7.5 · [HIGH]
USN-3557-1 fixed vulnerabilities in Squid. This update introduced a regression
which could cause the cache log to be filled with many Vary loop messages. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
GHSA
GHSA-f5f6-9f53-wf3r: Squid 3
ghsa_unreviewed · 2022-05-14 · CVE-2016-3948 [HIGH] · CWE-119
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
OSV
squid3 vulnerabilities
osv · 2018-02-05 · CVSS 7.5 · CVE-2016-2569 [HIGH]
Mathias Fischer discovered that Squid incorrectly handled certain long
strings in headers. A malicious remote server could possibly cause Squid to
crash, resulting in a denial of service. This issue was only addressed in
Ubuntu 16.04 LTS. (CVE-2016-2569)
William Lima discovered that Squid incorrectly handled XML parsing when
processing Edge Side Includes (ESI). A malicious remote server could
possibly cause Squid to crash, resulting in a denial of service. This issue
was only addressed in Ubuntu 16.04 LTS. (CVE-2016-2570)
Alex Rousskov discovered that Squid incorrectly handled response-parsing
failures. A malicious remote server could possibly cause Squid to crash,
resulting in a denial of service. This issue only applied to Ubuntu 16.04
LTS. (CVE-2016-2571)
Sant
OSV
CVE-2016-3948: Squid 3
osv · 2016-04-07 · CVSS 7.5 · CVE-2016-3948 [HIGH]
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-3947 CVE-2016-3948 squid: 3.5.16 version [fedora-all]
bugzilla · 2016-04-04 · CVSS 8.2 · CVE-2016-3947 [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While o
Bugzilla
CVE-2016-3948 squid: denial of service issue in HTTP response processing
bugzilla · 2016-04-04 · CVSS 7.5 · CVE-2016-3948 [HIGH]
Due to incorrect bounds checking Squid is vulnerable to a denial of service attack when processing HTTP responses.
External references:
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
Upstream fix:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
References:
http://seclists.org/oss-sec/2016/q2/3
Discussion:
Statement:
Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates.
For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
---
squid-3.5.19-2.fc24 has been pushed to the Fedora 24 stable repository.
References
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
- http://rhn.redhat.com/errata/RHSA-2016-2600.html
- http://www.securitytracker.com/id/1035458
- http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
- http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
- https://security.gentoo.org/glsa/201607-01
- https://usn.ubuntu.com/3557-1/