github - ghsa-xwvc-2x67-786x

ghsa-xwvc-2x67-786x

Vulnerability from github

Published

2022-05-14 03:38

Modified

2022-05-14 03:38

Severity

7.5 (High) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-2570"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-27T05:59:00Z",
    "severity": "HIGH"
  },
  "details": "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.",
  "id": "GHSA-xwvc-2x67-786x",
  "modified": "2022-05-14T03:38:02Z",
  "published": "2022-05-14T03:38:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2570"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201607-01"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3557-1"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035101"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch"
    },
    {
      "type": "WEB",
      "url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2016-2570

Vulnerability from cvelistv5

Published

2016-02-27 02:00

Modified

2024-08-05 23:32

Severity

Summary

References

URL	Tags
https://usn.ubuntu.com/3557-1/	vendor-advisory, x_refsource_UBUNTU
https://security.gentoo.org/glsa/201607-01	vendor-advisory, x_refsource_GENTOO
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html	vendor-advisory, x_refsource_SUSE
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2016-2600.html	vendor-advisory, x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html	vendor-advisory, x_refsource_SUSE
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2016/02/26/2	mailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html	vendor-advisory, x_refsource_SUSE
http://www.securitytracker.com/id/1035101	vdb-entry, x_refsource_SECTRACK

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website