Vulnerability Description
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squid-Cache | Squid | 3.0 |
| Oracle | Linux | 6 |
| Canonical | Ubuntu Linux | 12.04 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
- http://www.debian.org/security/2016/dsa-3625
- http://www.openwall.com/lists/oss-security/2016/04/20/6 (Mailing List, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2016/04/20/9 (Mailing List, Third Party Advisory)
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html (Patch, Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.h (Third Party Advisory)
- http://www.securityfocus.com/bid/86788
- http://www.securityfocus.com/bid/91787 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1035647 (Third Party Advisory, VDB Entry)
- http://www.squid-cache.org/Advisories/SQUID-2016_6.txt (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2995-1 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2016:1138
- https://access.redhat.com/errata/RHSA-2016:1139
FAQ
What is CVE-2016-4053?
CVE-2016-4053 is a vulnerability with a CVSS score of 3.7 (LOW). Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and ...
How severe is CVE-2016-4053?
CVE-2016-4053 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-4053?
Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid, Oracle Linux, Canonical Ubuntu Linux.