CVE-2018-1172

EUVD-2018-11810

16.05.2018, 21:29

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
squid-cache	squid	3.5.27

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

squid

bookworm	5.7-2+deb12u2 fixed
bookworm (security)	5.7-2+deb12u2 fixed
bullseye	4.13-10+deb11u3 fixed
bullseye (security)	4.13-10+deb11u3 fixed
sid	6.12-1 fixed
trixie	6.12-1 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

squid3

artful	ignored
bionic	not-affected
cosmic	dne
trusty	dne
xenial	not-affected

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

http://www.squid-cache.org/Advisories/SQUID-2018_3.txt

https://zerodayinitiative.com/advisories/ZDI-18-309

http://www.squid-cache.org/Advisories/SQUID-2018_3.txt

https://zerodayinitiative.com/advisories/ZDI-18-309