CVE-2018-1000024 (retired)

Priority
Description
The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to
3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability
in ESI Response Processing that can result in Denial of Service for all
clients using the proxy. This attack appears to be exploitable via a remote
server delivering an HTTP response payload containing valid but unusual ESI
syntax. This vulnerability appears to have been fixed in 4.0.23 and later.
Assigned-to
mdeslaur
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (3.1.19-1ubuntu3.12.04.9)
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [3.3.8-1ubuntu6.11])
Ubuntu 16.04 LTS (Xenial Xerus): released (3.5.12-1ubuntu7.5)
Ubuntu 18.04 LTS (Bionic Beaver): released (3.5.23-5ubuntu2)
Ubuntu 18.10 (Cosmic Cuttlefish): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE
Patches:
Upstream: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
More Information

Updated: 2019-07-17 19:17:15 UTC (commit 429a747557dd922e07188520a5abc1fcf2e02afe)