CVE-2016-2570

HIGH

Squid 3.x < 3.5.15 and 4.x < 4.0.7 - Denial of Service via ESI XML Parser Buffer Overflow

Title source: llm
STIX 2.1

Description

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

References (11)

Core 11
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3557-1/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201607-01
Vendor Advisory x_refsource_confirm
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2600.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/02/26/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035101

Scores

CVSS v3 7.5
EPSS 0.0895
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (40)
squid-cache/squid 3.0 (9 CPE variants)
squid-cache/squid 3.0.stable1
squid-cache/squid 3.0.stable2
squid-cache/squid 3.0.stable3
squid-cache/squid 3.0.stable4
squid-cache/squid 3.0.stable5
squid-cache/squid 3.0.stable6
squid-cache/squid 3.0.stable7
squid-cache/squid 3.0.stable8
squid-cache/squid 3.0.stable9
... and 30 more
Published Feb 27, 2016
Tracked Since Feb 18, 2026