Home CVE Database CVE-2016-2570

CVE-2016-2570

Description

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Priority: MEDIUM
CVSS v3: 7.5
Publish Date: Feb 27, 2016
Related ID: --
CVSS v2: High
Modified Date: Feb 27, 2016

Find out more about CVE-2016-2570 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

squid

Live chat
Online