PT-2016-1319 · Squid+3 · Squid+4

Alex Rousskov · Published 2016-02-27 · Updated 2018-01-05 · CVE-2016-2572

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Squid versions 4.0.0 through 4.0.6

Description

The issue exists due to insufficient input validation in http.cc in the Squid proxy server. By sending a malformed response, a remote attacker can cause a denial of service: the daemon hits an "Assertion failure" error and terminates.

Recommendations

For Squid versions 4.0.0 through 4.0.6, update to version 4.0.7 or later to resolve the issue.

Exploit

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

BDU:2016-00618
CESA-2016_2600
CVE-2016-2572
RHSA-2016:2600
RHSA-2016_2600
SUSE-SU-2016:2008-1
SUSE-SU-2016:2089-1

Affected Products

Centos
Red Hat
Squid
Squid Cache
Suse