CVE-2016-4052 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Squid

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation9 documents8 sources

Severity

8.1HIGHNVD

EPSS

35.3%

top 2.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Squid-cache Squid

Timeline

PublishedApr 25

Latest updateMay 17

Description

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

▶NVDsquid-cache/squid140 versions+139

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-wvw8-g2vj-44m4: Multiple stack-based buffer overflows in Squid 3↗2022-05-17

▶

CVEList

CVE-2016-4052: Multiple stack-based buffer overflows in Squid 3↗2016-04-25

▶

OSV

CVE-2016-4052: Multiple stack-based buffer overflows in Squid 3↗2016-04-25

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2016-06-09

▶

Red Hat

squid: multiple issues in ESI processing↗2016-04-20

▶

Debian

CVE-2016-4052: squid - Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before ...↗2016

▶

💬Community

Bugzilla

CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [fedora-all]↗2016-04-21

▶

Bugzilla

CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing↗2016-04-21

▶