[3.6] squid: Multiple vulnerabilities (CVE-2018-1000024, CVE-2018-1000027)ID: oval:org.secpod.oval:def:1800399 | Date: (C)2018-03-28 (M)2023-12-20 |
Class: PATCH | Family: unix |
CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service; Due to incorrect pointer handling, Squid versions 3.x and 4.x are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Fixed In Version: squid 3.5.27, squid 4.0.23
Platform: |
Alpine Linux 3.6 |