CVE-2016-4051: Improper Restriction of Operations within the Bounds of a Memory Buffer in Squid

Severity: 8.8 HIGH (NVD)
EPSS: 10.3% (top 6.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 25
Latest update: May 13

Description

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 3 packages

Debian: squid/squid < 4.1-1+3
NVD: squid-cache/squid 148 versions +147
NVD: oracle/linux 6, 7 +1

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

Patches

Vulnerability Details (4)

GHSA: GHSA-ggh7-xm84-5v2g: Buffer overflow in cachemgr (2022-05-13)
OSV: squid3 vulnerabilities (2016-06-09)
OSV: CVE-2016-4051: Buffer overflow in cachemgr (2016-04-25)
CVEList: CVE-2016-4051: Buffer overflow in cachemgr (2016-04-25)

Vendor Advisories (4)

Ubuntu: Squid vulnerabilities (2016-06-09)
Red Hat: squid: buffer overflow in cachemgr.cgi (2016-04-20)
Red Hat: squid: Buffer overflow vulnerability in cachemgr.cgi tool (2016-04-20)
Debian: CVE-2016-4051: squid - Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before ... (2016)

Community (3)

Bugzilla: CVE-2016-5408 squid: Buffer overflow vulnerability in cachemgr.cgi tool (2016-07-22)
Bugzilla: CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [fedora-all] (2016-04-21)
Bugzilla: CVE-2016-4051 squid: buffer overflow in cachemgr.cgi (2016-04-21)
CVE-2016-4051 — Squid-cache Squid vulnerability | cvebase