CVE-2016-4053 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Squid

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation9 documents8 sources

Severity

3.7LOWNVD

EPSS

26.2%

top 3.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Oracle Linux Squid-cache Squid

Timeline

PublishedApr 25

Latest updateMay 13

Description

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

▶NVDsquid-cache/squid140 versions+139

▶NVDoracle/linux6, 7+1

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-w3wm-74g5-vppf: Squid 3↗2022-05-13

▶

OSV

CVE-2016-4053: Squid 3↗2016-04-25

▶

CVEList

CVE-2016-4053: Squid 3↗2016-04-25

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2016-06-09

▶

Red Hat

squid: multiple issues in ESI processing↗2016-04-20

▶

Debian

CVE-2016-4053: squid - Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain se...↗2016

▶

💬Community

Bugzilla

CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [fedora-all]↗2016-04-21

▶

Bugzilla

CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing↗2016-04-21

▶