CVE-2016-2570

EPSS 9.55%
Veröffentlicht 27.02.2016 05:59:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version3.0

Squid-cache ≫ Squid Version3.0 Update- Editionpre1

Squid-cache ≫ Squid Version3.0 Update- Editionpre2

Squid-cache ≫ Squid Version3.0 Update- Editionpre3

Squid-cache ≫ Squid Version3.0 Update- Editionpre4

Squid-cache ≫ Squid Version3.0 Update- Editionpre5

Squid-cache ≫ Squid Version3.0 Update- Editionpre6

Squid-cache ≫ Squid Version3.0 Update- Editionpre7

Squid-cache ≫ Squid Version3.0 Updaterc4

Squid-cache ≫ Squid Version3.0.stable1

Squid-cache ≫ Squid Version3.0.stable2

Squid-cache ≫ Squid Version3.0.stable3

Squid-cache ≫ Squid Version3.0.stable4

Squid-cache ≫ Squid Version3.0.stable5

Squid-cache ≫ Squid Version3.0.stable6

Squid-cache ≫ Squid Version3.0.stable7

Squid-cache ≫ Squid Version3.0.stable8

Squid-cache ≫ Squid Version3.0.stable9

Squid-cache ≫ Squid Version3.0.stable10

Squid-cache ≫ Squid Version3.0.stable11

Squid-cache ≫ Squid Version3.0.stable11 Updaterc1

Squid-cache ≫ Squid Version3.0.stable12

Squid-cache ≫ Squid Version3.0.stable13

Squid-cache ≫ Squid Version3.0.stable14

Squid-cache ≫ Squid Version3.0.stable15

Squid-cache ≫ Squid Version3.0.stable16

Squid-cache ≫ Squid Version3.0.stable16 Updaterc1

Squid-cache ≫ Squid Version3.0.stable17

Squid-cache ≫ Squid Version3.0.stable18

Squid-cache ≫ Squid Version3.0.stable19

Squid-cache ≫ Squid Version3.0.stable20

Squid-cache ≫ Squid Version3.0.stable21

Squid-cache ≫ Squid Version3.0.stable22

Squid-cache ≫ Squid Version3.0.stable23

Squid-cache ≫ Squid Version3.0.stable24

Squid-cache ≫ Squid Version3.0.stable25

Squid-cache ≫ Squid Version3.1

Squid-cache ≫ Squid Version3.1.0.1

Squid-cache ≫ Squid Version3.1.0.2

Squid-cache ≫ Squid Version3.1.0.3

Squid-cache ≫ Squid Version3.1.0.4

Squid-cache ≫ Squid Version3.1.0.5

Squid-cache ≫ Squid Version3.1.0.6

Squid-cache ≫ Squid Version3.1.0.7

Squid-cache ≫ Squid Version3.1.0.8

Squid-cache ≫ Squid Version3.1.0.9

Squid-cache ≫ Squid Version3.1.0.10

Squid-cache ≫ Squid Version3.1.0.11

Squid-cache ≫ Squid Version3.1.0.12

Squid-cache ≫ Squid Version3.1.0.13

Squid-cache ≫ Squid Version3.1.0.14

Squid-cache ≫ Squid Version3.1.0.15

Squid-cache ≫ Squid Version3.1.0.16

Squid-cache ≫ Squid Version3.1.0.17

Squid-cache ≫ Squid Version3.1.0.18

Squid-cache ≫ Squid Version3.1.1

Squid-cache ≫ Squid Version3.1.2

Squid-cache ≫ Squid Version3.1.3

Squid-cache ≫ Squid Version3.1.4

Squid-cache ≫ Squid Version3.1.5

Squid-cache ≫ Squid Version3.1.5.1

Squid-cache ≫ Squid Version3.1.6

Squid-cache ≫ Squid Version3.1.7

Squid-cache ≫ Squid Version3.1.8

Squid-cache ≫ Squid Version3.1.9

Squid-cache ≫ Squid Version3.1.10

Squid-cache ≫ Squid Version3.1.11

Squid-cache ≫ Squid Version3.1.12

Squid-cache ≫ Squid Version3.1.13

Squid-cache ≫ Squid Version3.1.14

Squid-cache ≫ Squid Version3.1.15

Squid-cache ≫ Squid Version3.2.0.1

Squid-cache ≫ Squid Version3.2.0.2

Squid-cache ≫ Squid Version3.2.0.3

Squid-cache ≫ Squid Version3.2.0.4

Squid-cache ≫ Squid Version3.2.0.5

Squid-cache ≫ Squid Version3.2.0.6

Squid-cache ≫ Squid Version3.2.0.7

Squid-cache ≫ Squid Version3.2.0.8

Squid-cache ≫ Squid Version3.2.0.9

Squid-cache ≫ Squid Version3.2.0.10

Squid-cache ≫ Squid Version3.2.0.11

Squid-cache ≫ Squid Version3.2.0.12

Squid-cache ≫ Squid Version3.2.0.13

Squid-cache ≫ Squid Version3.2.0.14

Squid-cache ≫ Squid Version3.2.0.15

Squid-cache ≫ Squid Version3.2.0.16

Squid-cache ≫ Squid Version3.2.0.17

Squid-cache ≫ Squid Version3.2.0.18

Squid-cache ≫ Squid Version3.2.0.19

Squid-cache ≫ Squid Version3.2.1

Squid-cache ≫ Squid Version3.2.2

Squid-cache ≫ Squid Version3.2.3

Squid-cache ≫ Squid Version3.2.4

Squid-cache ≫ Squid Version3.2.5

Squid-cache ≫ Squid Version3.2.6

Squid-cache ≫ Squid Version3.2.7

Squid-cache ≫ Squid Version3.2.8

Squid-cache ≫ Squid Version3.2.9

Squid-cache ≫ Squid Version3.2.10

Squid-cache ≫ Squid Version3.2.11

Squid-cache ≫ Squid Version3.2.12

Squid-cache ≫ Squid Version3.2.13

Squid-cache ≫ Squid Version3.3.0

Squid-cache ≫ Squid Version3.3.0.2

Squid-cache ≫ Squid Version3.3.0.3

Squid-cache ≫ Squid Version3.3.1

Squid-cache ≫ Squid Version3.3.2

Squid-cache ≫ Squid Version3.3.3

Squid-cache ≫ Squid Version3.3.4

Squid-cache ≫ Squid Version3.3.5

Squid-cache ≫ Squid Version3.3.6

Squid-cache ≫ Squid Version3.3.7

Squid-cache ≫ Squid Version3.3.8

Squid-cache ≫ Squid Version3.3.9

Squid-cache ≫ Squid Version3.3.10

Squid-cache ≫ Squid Version3.3.11

Squid-cache ≫ Squid Version3.3.12

Squid-cache ≫ Squid Version3.3.13

Squid-cache ≫ Squid Version3.4.0.1

Squid-cache ≫ Squid Version3.4.0.2

Squid-cache ≫ Squid Version3.4.0.3

Squid-cache ≫ Squid Version3.4.1

Squid-cache ≫ Squid Version3.4.2

Squid-cache ≫ Squid Version3.4.3

Squid-cache ≫ Squid Version3.4.4

Squid-cache ≫ Squid Version3.4.8

Squid-cache ≫ Squid Version3.4.9

Squid-cache ≫ Squid Version3.4.10

Squid-cache ≫ Squid Version3.4.11

Squid-cache ≫ Squid Version3.4.12

Squid-cache ≫ Squid Version3.4.13

Squid-cache ≫ Squid Version3.5.0.1

Squid-cache ≫ Squid Version3.5.0.2

Squid-cache ≫ Squid Version3.5.0.3

Squid-cache ≫ Squid Version3.5.0.4

Squid-cache ≫ Squid Version3.5.1

Squid-cache ≫ Squid Version4.0.1

Squid-cache ≫ Squid Version4.0.2

Squid-cache ≫ Squid Version4.0.3

Squid-cache ≫ Squid Version4.0.4

Squid-cache ≫ Squid Version4.0.5

Squid-cache ≫ Squid Version4.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.55%	0.926

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

https://security.gentoo.org/glsa/201607-01

http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

http://rhn.redhat.com/errata/RHSA-2016-2600.html

http://www.openwall.com/lists/oss-security/2016/02/26/2

http://www.securitytracker.com/id/1035101

http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

Vendor Advisory

https://usn.ubuntu.com/3557-1/

http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch

http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch

https://nvd.nist.gov/vuln/detail/CVE-2016-2570

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-2570

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-2570

EUVD