BDU%3A2016-00733

Risk Scores

Affected Products

Exploit Intelligence

• Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. (github-poc-repo)
• Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. (github-poc)

Timeline

• Mar 31, 2016 CVE Published
• Mar 23, 2021 CVE Updated

References

• http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch url
• http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch url
• http://www.squid-cache.org/Advisories/SQUID-2016_2.txt url
• http://www.openwall.com/lists/oss-security/2016/02/26/2 url