CVE-2016-4053
Last modified
CVE-2016-4053 is a vulnerability of currently unknown severity. Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.. EPSS estimates a 11.43% chance of exploitation in the next 30 days.
Description
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Squid-Cache | Squid | 3.0 |
| Squid-Cache | Squid | 3.1 |
| Squid-Cache | Squid | 3.1.0.1 |
| Squid-Cache | Squid | 3.1.0.2 |
| Squid-Cache | Squid | 3.1.0.3 |
| Squid-Cache | Squid | 3.1.0.4 |
| Squid-Cache | Squid | 3.1.0.5 |
| Squid-Cache | Squid | 3.1.0.6 |
| Squid-Cache | Squid | 3.1.0.7 |
| Squid-Cache | Squid | 3.1.0.8 |
| Squid-Cache | Squid | 3.1.0.9 |
| Squid-Cache | Squid | 3.1.0.10 |
| Squid-Cache | Squid | 3.1.0.11 |
| Squid-Cache | Squid | 3.1.0.12 |
| Squid-Cache | Squid | 3.1.0.13 |
| Squid-Cache | Squid | 3.1.0.14 |
| Squid-Cache | Squid | 3.1.0.15 |
| Squid-Cache | Squid | 3.1.0.16 |
| Squid-Cache | Squid | 3.1.0.17 |
| Squid-Cache | Squid | 3.1.0.18 |
| Squid-Cache | Squid | 3.1.1 |
| Squid-Cache | Squid | 3.1.2 |
| Squid-Cache | Squid | 3.1.3 |
| Squid-Cache | Squid | 3.1.4 |
| Squid-Cache | Squid | 3.1.5 |
| Squid-Cache | Squid | 3.1.5.1 |
| Squid-Cache | Squid | 3.1.6 |
| Squid-Cache | Squid | 3.1.7 |
| Squid-Cache | Squid | 3.1.8 |
| Squid-Cache | Squid | 3.1.9 |
| Squid-Cache | Squid | 3.1.10 |
| Squid-Cache | Squid | 3.1.11 |
| Squid-Cache | Squid | 3.1.12 |
| Squid-Cache | Squid | 3.1.12.1 |
| Squid-Cache | Squid | 3.1.12.2 |
| Squid-Cache | Squid | 3.1.12.3 |
| Squid-Cache | Squid | 3.1.13 |
| Squid-Cache | Squid | 3.1.14 |
| Squid-Cache | Squid | 3.1.15 |
| Squid-Cache | Squid | 3.1.16 |
| Squid-Cache | Squid | 3.1.17 |
| Squid-Cache | Squid | 3.1.18 |
| Squid-Cache | Squid | 3.1.19 |
| Squid-Cache | Squid | 3.1.20 |
| Squid-Cache | Squid | 3.1.21 |
| Squid-Cache | Squid | 3.1.22 |
| Squid-Cache | Squid | 3.2.0.1 |
| Squid-Cache | Squid | 3.2.0.2 |
| Squid-Cache | Squid | 3.2.0.3 |
| Squid-Cache | Squid | 3.2.0.4 |
Showing 50 of 146 affected configurations. See NVD for the full list.
References
- http://www.openwall.com/lists/oss-security/2016/04/20/6Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/04/20/9Mailing List, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch, Third Party Advisory
- http://www.securityfocus.com/bid/91787Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1035647Third Party Advisory, VDB Entry
- http://www.squid-cache.org/Advisories/SQUID-2016_6.txtVendor Advisory
- http://www.ubuntu.com/usn/USN-2995-1Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/04/20/6Mailing List, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2016/04/20/9Mailing List, Third Party Advisory
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlPatch, Third Party Advisory
- http://www.securityfocus.com/bid/91787Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1035647Third Party Advisory, VDB Entry
- http://www.squid-cache.org/Advisories/SQUID-2016_6.txtVendor Advisory
- http://www.ubuntu.com/usn/USN-2995-1Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-4053?
How severe is CVE-2016-4053?
How do I fix CVE-2016-4053?
Are you affected by CVE-2016-4053?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST