OpenCVE

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Squid-cache	Squid

Configuration 1 [-]

cpe:2.3:a:squid-cache:squid:3.5.27:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.squid-cache.org/Advisories/SQUID-2018_3.txt
https://nvd.nist.gov/vuln/detail/CVE-2018-1172
https://www.cve.org/CVERecord?id=CVE-2018-1172
https://zerodayinitiative.com/advisories/ZDI-18-309

History

No history.

MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2018-05-16T21:00:00

Updated: 2024-08-05T03:51:48.966Z

Reserved: 2017-12-05T00:00:00

Link: CVE-2018-1172

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-05-16T21:29:00.280

Modified: 2024-11-21T03:59:19.947

Link: CVE-2018-1172

Redhat

Severity : Low

Publid Date: 2018-04-18T00:00:00Z

Links: CVE-2018-1172 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "The Squid Software Foundation Squid", "vendor": "The Squid Software Foundation", "versions": [{"status": "affected", "version": "3.5.27-20180318"}]}], "datePublic": "2018-04-18T00:00:00", "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476-NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-16T20:57:01", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-309"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "zdi-disclosures@trendmicro.com", "ID": "CVE-2018-1172", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "The Squid Software Foundation Squid", "version": {"version_data": [{"version_value": "3.5.27-20180318"}]}}]}, "vendor_name": "The Squid Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-476-NULL Pointer Dereference"}]}]}, "references": {"reference_data": [{"name": "https://zerodayinitiative.com/advisories/ZDI-18-309", "refsource": "MISC", "url": "https://zerodayinitiative.com/advisories/ZDI-18-309"}, {"name": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt", "refsource": "CONFIRM", "url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:48.966Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-309"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"}]}]}, "cveMetadata": {"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2018-1172", "datePublished": "2018-05-16T21:00:00", "dateReserved": "2017-12-05T00:00:00", "dateUpdated": "2024-08-05T03:51:48.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:3.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "D83BE9E6-CEAF-47B8-9501-68FC6AB94BB8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."}, {"lang": "es", "value": "Esta vulnerabilidad permite que atacantes remotos denieguen el servicio de instalaciones vulnerables de The Squid Software Foundation Squid 3.5.27-20180318. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. Este error en concreto existe en ClientRequestContext::sslBumpAccessCheck(). Una petici\u00f3n manipulada puede desencadenar la desreferencia de un puntero NULL. Un atacante puede aprovechar esta vulnerabilidad para crear una condici\u00f3n de denegaci\u00f3n de servicio (DoS) a los usuarios del sistema. Anteriormente era ZDI-CAN-6088."}], "id": "CVE-2018-1172", "lastModified": "2024-11-21T03:59:19.947", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-16T21:29:00.280", "references": [{"source": "zdi-disclosures@trendmicro.com", "tags": ["Vendor Advisory"], "url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"}, {"source": "zdi-disclosures@trendmicro.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-309"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://zerodayinitiative.com/advisories/ZDI-18-309"}], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "zdi-disclosures@trendmicro.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "squid: Incorrect pointer handling when processing ESI responses allows denial of service", "id": "1569424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1569424"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.", "it was found that Squid, when used as a reverse proxy, did not handle ESI responses properly. A malicious web server could use this flaw to crash Squid."], "name": "CVE-2018-1172", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "squid34", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-04-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-1172\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-1172\nhttp://www.squid-cache.org/Advisories/SQUID-2018_3.txt"], "statement": "This issue affects the versions of squid and squid34 as shipped with Red Hat Enterprise Linux 6. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low", "upstream_fix": "squid 4.0.13"}