The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to 3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. The attack appears to be exploitable via a remote server delivering an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later.
References
Link | Resource |
---|---|
http://www.squid-cache.org/Versions/ | Release Notes, Vendor Advisory |
http://www.squid-cache.org/Advisories/SQUID-2018_1.txt | Patch, Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html | Mailing List, Third Party Advisory |
https://www.debian.org/security/2018/dsa-4122 | Third Party Advisory |
https://usn.ubuntu.com/3557-1/ | Third Party Advisory |
https://usn.ubuntu.com/4059-2/ | |
Information
Published : 2018-02-09 15:29
Updated : 2019-10-02 17:03
NVD link : CVE-2018-1000024
Mitre link : CVE-2018-1000024
CWE
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
squid-cache
- squid