CVE-2018-1000024

Priority
Low
Description
The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to
3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability
in ESI Response Processing that can result in Denial of Service for all
clients using the proxy. This attack appears to be exploitable via a remote
server delivering an HTTP response payload containing valid but unusual ESI
syntax. This vulnerability appears to have been fixed in 4.0.23 and later.
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 LTS (Trusty Tahr): released (3.3.8-1ubuntu6.11)
Ubuntu 16.04 LTS (Xenial Xerus): released (3.5.12-1ubuntu7.5)
Ubuntu 17.10 (Artful Aardvark): released (3.5.23-5ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver): released (3.5.23-5ubuntu2)
Patches:
Upstream: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch

Updated: 2018-04-28 06:30:24 UTC (commit 14638)