CVE-2018-1000024

2018-01-2900:00:00

ubuntu.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.006 Low

EPSS

Percentile

77.7%

JSON

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to
3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability
in ESI Response Processing that can result in Denial of Service for all
clients using the proxy… This attack appear to be exploitable via Remote
server delivers an HTTP response payload containing valid but unusual ESI
syntax… This vulnerability appears to have been fixed in 4.0.23 and later.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888719>

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchsquid3< 3.5.23-5ubuntu1.1UNKNOWN
ubuntu18.04noarchsquid3< 3.5.23-5ubuntu2UNKNOWN
ubuntu14.04noarchsquid3< 3.3.8-1ubuntu6.11UNKNOWN
ubuntu16.04noarchsquid3< 3.5.12-1ubuntu7.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	squid3	< 3.5.23-5ubuntu1.1	UNKNOWN
ubuntu	18.04	noarch	squid3	< 3.5.23-5ubuntu2	UNKNOWN
ubuntu	14.04	noarch	squid3	< 3.3.8-1ubuntu6.11	UNKNOWN
ubuntu	16.04	noarch	squid3	< 3.5.12-1ubuntu7.5	UNKNOWN