CVE-2016-4054 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Squid

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation9 documents8 sources

Severity

8.1HIGHNVD

EPSS

79.9%

top 0.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Canonical Ubuntu Linux Oracle Linux Squid-cache Squid

Timeline

PublishedApr 25

Latest updateMay 13

Description

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDsquid-cache/squid140 versions+139

▶NVDoracle/linux6, 7+1

Also affects: Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

GHSA

GHSA-4qf5-r4mp-pqp5: Buffer overflow in Squid 3↗2022-05-13

▶

OSV

CVE-2016-4054: Buffer overflow in Squid 3↗2016-04-25

▶

CVEList

CVE-2016-4054: Buffer overflow in Squid 3↗2016-04-25

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2016-06-09

▶

Red Hat

squid: multiple issues in ESI processing↗2016-04-20

▶

Debian

CVE-2016-4054: squid - Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote at...↗2016

▶

💬Community

Bugzilla

CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: various flaws [fedora-all]↗2016-04-21

▶

Bugzilla

CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 squid: multiple issues in ESI processing↗2016-04-21

▶