CVE-2016-2570
EUVD-2016-364427.02.2016, 05:59
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| squid-cache | squid | 3.0 |
| squid-cache | squid | 3.0 |
| squid-cache | squid | 3.0 |
| squid-cache | squid | 3.0 |
| squid-cache | squid | 3.0 |
| squid-cache | squid | 3.0 |
| squid-cache | squid | 3.0 |
| squid-cache | squid | 3.0 |
| squid-cache | squid | 3.0:rc4 |
| squid-cache | squid | 3.0.stable1:stable1 |
| squid-cache | squid | 3.0.stable2:stable2 |
| squid-cache | squid | 3.0.stable3:stable3 |
| squid-cache | squid | 3.0.stable4:stable4 |
| squid-cache | squid | 3.0.stable5:stable5 |
| squid-cache | squid | 3.0.stable6:stable6 |
| squid-cache | squid | 3.0.stable7:stable7 |
| squid-cache | squid | 3.0.stable8:stable8 |
| squid-cache | squid | 3.0.stable9:stable9 |
| squid-cache | squid | 3.0.stable10:stable10 |
| squid-cache | squid | 3.0.stable11:stable11 |
| squid-cache | squid | 3.0.stable11:stable11 |
| squid-cache | squid | 3.0.stable12:stable12 |
| squid-cache | squid | 3.0.stable13:stable13 |
| squid-cache | squid | 3.0.stable14:stable14 |
| squid-cache | squid | 3.0.stable15:stable15 |
| squid-cache | squid | 3.0.stable16:stable16 |
| squid-cache | squid | 3.0.stable16:stable16 |
| squid-cache | squid | 3.0.stable17:stable17 |
| squid-cache | squid | 3.0.stable18:stable18 |
| squid-cache | squid | 3.0.stable19:stable19 |
| squid-cache | squid | 3.0.stable20:stable20 |
| squid-cache | squid | 3.0.stable21:stable21 |
| squid-cache | squid | 3.0.stable22:stable22 |
| squid-cache | squid | 3.0.stable23:stable23 |
| squid-cache | squid | 3.0.stable24:stable24 |
| squid-cache | squid | 3.0.stable25:stable25 |
| squid-cache | squid | 3.1 |
| squid-cache | squid | 3.1.0.1 |
| squid-cache | squid | 3.1.0.2 |
| squid-cache | squid | 3.1.0.3 |
| squid-cache | squid | 3.1.0.4 |
| squid-cache | squid | 3.1.0.5 |
| squid-cache | squid | 3.1.0.6 |
| squid-cache | squid | 3.1.0.7 |
| squid-cache | squid | 3.1.0.8 |
| squid-cache | squid | 3.1.0.9 |
| squid-cache | squid | 3.1.0.10 |
| squid-cache | squid | 3.1.0.11 |
| squid-cache | squid | 3.1.0.12 |
| squid-cache | squid | 3.1.0.13 |
| squid-cache | squid | 3.1.0.14 |
| squid-cache | squid | 3.1.0.15 |
| squid-cache | squid | 3.1.0.16 |
| squid-cache | squid | 3.1.0.17 |
| squid-cache | squid | 3.1.0.18 |
| squid-cache | squid | 3.1.1 |
| squid-cache | squid | 3.1.2 |
| squid-cache | squid | 3.1.3 |
| squid-cache | squid | 3.1.4 |
| squid-cache | squid | 3.1.5 |
| squid-cache | squid | 3.1.5.1 |
| squid-cache | squid | 3.1.6 |
| squid-cache | squid | 3.1.7 |
| squid-cache | squid | 3.1.8 |
| squid-cache | squid | 3.1.9 |
| squid-cache | squid | 3.1.10 |
| squid-cache | squid | 3.1.11 |
| squid-cache | squid | 3.1.12 |
| squid-cache | squid | 3.1.13 |
| squid-cache | squid | 3.1.14 |
| squid-cache | squid | 3.1.15 |
| squid-cache | squid | 3.2.0.1 |
| squid-cache | squid | 3.2.0.2 |
| squid-cache | squid | 3.2.0.3 |
| squid-cache | squid | 3.2.0.4 |
| squid-cache | squid | 3.2.0.5 |
| squid-cache | squid | 3.2.0.6 |
| squid-cache | squid | 3.2.0.7 |
| squid-cache | squid | 3.2.0.8 |
| squid-cache | squid | 3.2.0.9 |
| squid-cache | squid | 3.2.0.10 |
| squid-cache | squid | 3.2.0.11 |
| squid-cache | squid | 3.2.0.12 |
| squid-cache | squid | 3.2.0.13 |
| squid-cache | squid | 3.2.0.14 |
| squid-cache | squid | 3.2.0.15 |
| squid-cache | squid | 3.2.0.16 |
| squid-cache | squid | 3.2.0.17 |
| squid-cache | squid | 3.2.0.18 |
| squid-cache | squid | 3.2.0.19 |
| squid-cache | squid | 3.2.1 |
| squid-cache | squid | 3.2.2 |
| squid-cache | squid | 3.2.3 |
| squid-cache | squid | 3.2.4 |
| squid-cache | squid | 3.2.5 |
| squid-cache | squid | 3.2.6 |
| squid-cache | squid | 3.2.7 |
| squid-cache | squid | 3.2.8 |
| squid-cache | squid | 3.2.9 |
| squid-cache | squid | 3.2.10 |
| squid-cache | squid | 3.2.11 |
| squid-cache | squid | 3.2.12 |
| squid-cache | squid | 3.2.13 |
| squid-cache | squid | 3.3.0 |
| squid-cache | squid | 3.3.0.2 |
| squid-cache | squid | 3.3.0.3 |
| squid-cache | squid | 3.3.1 |
| squid-cache | squid | 3.3.2 |
| squid-cache | squid | 3.3.3 |
| squid-cache | squid | 3.3.4 |
| squid-cache | squid | 3.3.5 |
| squid-cache | squid | 3.3.6 |
| squid-cache | squid | 3.3.7 |
| squid-cache | squid | 3.3.8 |
| squid-cache | squid | 3.3.9 |
| squid-cache | squid | 3.3.10 |
| squid-cache | squid | 3.3.11 |
| squid-cache | squid | 3.3.12 |
| squid-cache | squid | 3.3.13 |
| squid-cache | squid | 3.4.0.1 |
| squid-cache | squid | 3.4.0.2 |
| squid-cache | squid | 3.4.0.3 |
| squid-cache | squid | 3.4.1 |
| squid-cache | squid | 3.4.2 |
| squid-cache | squid | 3.4.3 |
| squid-cache | squid | 3.4.4 |
| squid-cache | squid | 3.4.8 |
| squid-cache | squid | 3.4.9 |
| squid-cache | squid | 3.4.10 |
| squid-cache | squid | 3.4.11 |
| squid-cache | squid | 3.4.12 |
| squid-cache | squid | 3.4.13 |
| squid-cache | squid | 3.5.0.1 |
| squid-cache | squid | 3.5.0.2 |
| squid-cache | squid | 3.5.0.3 |
| squid-cache | squid | 3.5.0.4 |
| squid-cache | squid | 3.5.1 |
| squid-cache | squid | 4.0.1 |
| squid-cache | squid | 4.0.2 |
| squid-cache | squid | 4.0.3 |
| squid-cache | squid | 4.0.4 |
| squid-cache | squid | 4.0.5 |
| squid-cache | squid | 4.0.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References