CVE-2016-2390

Priority
Description
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14
and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when
built with the --with-openssl option, which allows remote attackers to
cause a denial of service (application crash) via a plaintext HTTP message.
Notes
tyhicksonly affects --with-openssl builds
Package
Upstream:released (4.0.6)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [not built with --with-openssl])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (not built with --with-openssl)
More Information

Updated: 2020-01-29 19:54:55 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)