CVE-2016-4053: Buffer Overflow
First published: Mon Apr 25 2016(Updated: )
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Squid Web Proxy Cache | =3.0 | |
| Squid Web Proxy Cache | =3.1 | |
| Squid Web Proxy Cache | =3.1.0.1 | |
| Squid Web Proxy Cache | =3.1.0.2 | |
| Squid Web Proxy Cache | =3.1.0.3 | |
| Squid Web Proxy Cache | =3.1.0.4 | |
| Squid Web Proxy Cache | =3.1.0.5 | |
| Squid Web Proxy Cache | =3.1.0.6 | |
| Squid Web Proxy Cache | =3.1.0.7 | |
| Squid Web Proxy Cache | =3.1.0.8 | |
| Squid Web Proxy Cache | =3.1.0.9 | |
| Squid Web Proxy Cache | =3.1.0.10 | |
| Squid Web Proxy Cache | =3.1.0.11 | |
| Squid Web Proxy Cache | =3.1.0.12 | |
| Squid Web Proxy Cache | =3.1.0.13 | |
| Squid Web Proxy Cache | =3.1.0.14 | |
| Squid Web Proxy Cache | =3.1.0.15 | |
| Squid Web Proxy Cache | =3.1.0.16 | |
| Squid Web Proxy Cache | =3.1.0.17 | |
| Squid Web Proxy Cache | =3.1.0.18 | |
| Squid Web Proxy Cache | =3.1.1 | |
| Squid Web Proxy Cache | =3.1.2 | |
| Squid Web Proxy Cache | =3.1.3 | |
| Squid Web Proxy Cache | =3.1.4 | |
| Squid Web Proxy Cache | =3.1.5 | |
| Squid Web Proxy Cache | =3.1.5.1 | |
| Squid Web Proxy Cache | =3.1.6 | |
| Squid Web Proxy Cache | =3.1.7 | |
| Squid Web Proxy Cache | =3.1.8 | |
| Squid Web Proxy Cache | =3.1.9 | |
| Squid Web Proxy Cache | =3.1.10 | |
| Squid Web Proxy Cache | =3.1.11 | |
| Squid Web Proxy Cache | =3.1.12 | |
| Squid Web Proxy Cache | =3.1.12.1 | |
| Squid Web Proxy Cache | =3.1.12.2 | |
| Squid Web Proxy Cache | =3.1.12.3 | |
| Squid Web Proxy Cache | =3.1.13 | |
| Squid Web Proxy Cache | =3.1.14 | |
| Squid Web Proxy Cache | =3.1.15 | |
| Squid Web Proxy Cache | =3.1.16 | |
| Squid Web Proxy Cache | =3.1.17 | |
| Squid Web Proxy Cache | =3.1.18 | |
| Squid Web Proxy Cache | =3.1.19 | |
| Squid Web Proxy Cache | =3.1.20 | |
| Squid Web Proxy Cache | =3.1.21 | |
| Squid Web Proxy Cache | =3.1.22 | |
| Squid Web Proxy Cache | =3.2.0.1 | |
| Squid Web Proxy Cache | =3.2.0.2 | |
| Squid Web Proxy Cache | =3.2.0.3 | |
| Squid Web Proxy Cache | =3.2.0.4 | |
| Squid Web Proxy Cache | =3.2.0.5 | |
| Squid Web Proxy Cache | =3.2.0.6 | |
| Squid Web Proxy Cache | =3.2.0.7 | |
| Squid Web Proxy Cache | =3.2.0.8 | |
| Squid Web Proxy Cache | =3.2.0.9 | |
| Squid Web Proxy Cache | =3.2.0.10 | |
| Squid Web Proxy Cache | =3.2.0.11 | |
| Squid Web Proxy Cache | =3.2.0.12 | |
| Squid Web Proxy Cache | =3.2.0.13 | |
| Squid Web Proxy Cache | =3.2.0.14 | |
| Squid Web Proxy Cache | =3.2.0.15 | |
| Squid Web Proxy Cache | =3.2.0.16 | |
| Squid Web Proxy Cache | =3.2.0.17 | |
| Squid Web Proxy Cache | =3.2.0.18 | |
| Squid Web Proxy Cache | =3.2.0.19 | |
| Squid Web Proxy Cache | =3.2.1 | |
| Squid Web Proxy Cache | =3.2.2 | |
| Squid Web Proxy Cache | =3.2.3 | |
| Squid Web Proxy Cache | =3.2.4 | |
| Squid Web Proxy Cache | =3.2.5 | |
| Squid Web Proxy Cache | =3.2.6 | |
| Squid Web Proxy Cache | =3.2.7 | |
| Squid Web Proxy Cache | =3.2.8 | |
| Squid Web Proxy Cache | =3.2.9 | |
| Squid Web Proxy Cache | =3.2.10 | |
| Squid Web Proxy Cache | =3.2.11 | |
| Squid Web Proxy Cache | =3.2.12 | |
| Squid Web Proxy Cache | =3.2.13 | |
| Squid Web Proxy Cache | =3.3.0 | |
| Squid Web Proxy Cache | =3.3.0.1 | |
| Squid Web Proxy Cache | =3.3.0.2 | |
| Squid Web Proxy Cache | =3.3.0.3 | |
| Squid Web Proxy Cache | =3.3.1 | |
| Squid Web Proxy Cache | =3.3.2 | |
| Squid Web Proxy Cache | =3.3.3 | |
| Squid Web Proxy Cache | =3.3.4 | |
| Squid Web Proxy Cache | =3.3.5 | |
| Squid Web Proxy Cache | =3.3.6 | |
| Squid Web Proxy Cache | =3.3.7 | |
| Squid Web Proxy Cache | =3.3.8 | |
| Squid Web Proxy Cache | =3.3.9 | |
| Squid Web Proxy Cache | =3.3.10 | |
| Squid Web Proxy Cache | =3.3.11 | |
| Squid Web Proxy Cache | =3.3.12 | |
| Squid Web Proxy Cache | =3.3.13 | |
| Squid Web Proxy Cache | =3.3.14 | |
| Squid Web Proxy Cache | =3.4.0.1 | |
| Squid Web Proxy Cache | =3.4.0.2 | |
| Squid Web Proxy Cache | =3.4.0.3 | |
| Squid Web Proxy Cache | =3.4.1 | |
| Squid Web Proxy Cache | =3.4.2 | |
| Squid Web Proxy Cache | =3.4.3 | |
| Squid Web Proxy Cache | =3.4.4 | |
| Squid Web Proxy Cache | =3.4.4.1 | |
| Squid Web Proxy Cache | =3.4.4.2 | |
| Squid Web Proxy Cache | =3.4.8 | |
| Squid Web Proxy Cache | =3.4.9 | |
| Squid Web Proxy Cache | =3.4.10 | |
| Squid Web Proxy Cache | =3.4.11 | |
| Squid Web Proxy Cache | =3.4.12 | |
| Squid Web Proxy Cache | =3.4.13 | |
| Squid Web Proxy Cache | =3.4.14 | |
| Squid Web Proxy Cache | =3.5.0.1 | |
| Squid Web Proxy Cache | =3.5.0.2 | |
| Squid Web Proxy Cache | =3.5.0.3 | |
| Squid Web Proxy Cache | =3.5.0.4 | |
| Squid Web Proxy Cache | =3.5.1 | |
| Squid Web Proxy Cache | =3.5.2 | |
| Squid Web Proxy Cache | =3.5.3 | |
| Squid Web Proxy Cache | =3.5.4 | |
| Squid Web Proxy Cache | =3.5.5 | |
| Squid Web Proxy Cache | =3.5.6 | |
| Squid Web Proxy Cache | =3.5.7 | |
| Squid Web Proxy Cache | =3.5.8 | |
| Squid Web Proxy Cache | =3.5.9 | |
| Squid Web Proxy Cache | =3.5.10 | |
| Squid Web Proxy Cache | =3.5.11 | |
| Squid Web Proxy Cache | =3.5.12 | |
| Squid Web Proxy Cache | =3.5.13 | |
| Squid Web Proxy Cache | =3.5.14 | |
| Squid Web Proxy Cache | =3.5.15 | |
| Squid Web Proxy Cache | =3.5.16 | |
| Squid Web Proxy Cache | =4.0.1 | |
| Squid Web Proxy Cache | =4.0.2 | |
| Squid Web Proxy Cache | =4.0.3 | |
| Squid Web Proxy Cache | =4.0.4 | |
| Squid Web Proxy Cache | =4.0.5 | |
| Squid Web Proxy Cache | =4.0.6 | |
| Squid Web Proxy Cache | =4.0.7 | |
| Squid Web Proxy Cache | =4.0.8 | |
| Oracle Linux | =6 | |
| Oracle Linux | =7 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.10 | |
| Ubuntu | =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html
- http://www.debian.org/security/2016/dsa-3625
- http://www.openwall.com/lists/oss-security/2016/04/20/6
- http://www.openwall.com/lists/oss-security/2016/04/20/9
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
- http://www.securityfocus.com/bid/86788
- http://www.securityfocus.com/bid/91787
- http://www.securitytracker.com/id/1035647
- http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
- http://www.ubuntu.com/usn/USN-2995-1
- https://access.redhat.com/errata/RHSA-2016:1138
- https://access.redhat.com/errata/RHSA-2016:1139
- https://access.redhat.com/errata/RHSA-2016:1140
- https://security.gentoo.org/glsa/201607-01
Frequently Asked Questions
What is the severity of CVE-2016-4053?
CVE-2016-4053 has been assigned a medium severity level due to the potential for information leakage.
How do I fix CVE-2016-4053?
To fix CVE-2016-4053, update Squid to version 3.5.17 or newer for 3.x series or 4.0.9 or newer for 4.x series.
What impact does CVE-2016-4053 have on affected systems?
CVE-2016-4053 can allow remote attackers to obtain sensitive stack layout information from affected Squid installations.
Which versions of Squid are affected by CVE-2016-4053?
CVE-2016-4053 affects Squid versions prior to 3.5.17 and 4.x prior to 4.0.9.
Was CVE-2016-4053 publicly disclosed?
Yes, CVE-2016-4053 was publicly disclosed as part of a security announcement affecting multiple systems.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/squid-cache
- canonical/squid web proxy cache
- version/squid web proxy cache/3.0
- version/squid web proxy cache/3.1
- version/squid web proxy cache/3.1.0.1
- version/squid web proxy cache/3.1.0.2
- version/squid web proxy cache/3.1.0.3
- version/squid web proxy cache/3.1.0.4
- version/squid web proxy cache/3.1.0.5
- version/squid web proxy cache/3.1.0.6
- version/squid web proxy cache/3.1.0.7
- version/squid web proxy cache/3.1.0.8
- version/squid web proxy cache/3.1.0.9
- version/squid web proxy cache/3.1.0.10
- version/squid web proxy cache/3.1.0.11
- version/squid web proxy cache/3.1.0.12
- version/squid web proxy cache/3.1.0.13
- version/squid web proxy cache/3.1.0.14
- version/squid web proxy cache/3.1.0.15
- version/squid web proxy cache/3.1.0.16
- version/squid web proxy cache/3.1.0.17
- version/squid web proxy cache/3.1.0.18
- version/squid web proxy cache/3.1.1
- version/squid web proxy cache/3.1.2
- version/squid web proxy cache/3.1.3
- version/squid web proxy cache/3.1.4
- version/squid web proxy cache/3.1.5
- version/squid web proxy cache/3.1.5.1
- version/squid web proxy cache/3.1.6
- version/squid web proxy cache/3.1.7
- version/squid web proxy cache/3.1.8
- version/squid web proxy cache/3.1.9
- version/squid web proxy cache/3.1.10
- version/squid web proxy cache/3.1.11
- version/squid web proxy cache/3.1.12
- version/squid web proxy cache/3.1.12.1
- version/squid web proxy cache/3.1.12.2
- version/squid web proxy cache/3.1.12.3
- version/squid web proxy cache/3.1.13
- version/squid web proxy cache/3.1.14
- version/squid web proxy cache/3.1.15
- version/squid web proxy cache/3.1.16
- version/squid web proxy cache/3.1.17
- version/squid web proxy cache/3.1.18
- version/squid web proxy cache/3.1.19
- version/squid web proxy cache/3.1.20
- version/squid web proxy cache/3.1.21
- version/squid web proxy cache/3.1.22
- version/squid web proxy cache/3.2.0.1
- version/squid web proxy cache/3.2.0.2
- version/squid web proxy cache/3.2.0.3
- version/squid web proxy cache/3.2.0.4
- version/squid web proxy cache/3.2.0.5
- version/squid web proxy cache/3.2.0.6
- version/squid web proxy cache/3.2.0.7
- version/squid web proxy cache/3.2.0.8
- version/squid web proxy cache/3.2.0.9
- version/squid web proxy cache/3.2.0.10
- version/squid web proxy cache/3.2.0.11
- version/squid web proxy cache/3.2.0.12
- version/squid web proxy cache/3.2.0.13
- version/squid web proxy cache/3.2.0.14
- version/squid web proxy cache/3.2.0.15
- version/squid web proxy cache/3.2.0.16
- version/squid web proxy cache/3.2.0.17
- version/squid web proxy cache/3.2.0.18
- version/squid web proxy cache/3.2.0.19
- version/squid web proxy cache/3.2.1
- version/squid web proxy cache/3.2.2
- version/squid web proxy cache/3.2.3
- version/squid web proxy cache/3.2.4
- version/squid web proxy cache/3.2.5
- version/squid web proxy cache/3.2.6
- version/squid web proxy cache/3.2.7
- version/squid web proxy cache/3.2.8
- version/squid web proxy cache/3.2.9
- version/squid web proxy cache/3.2.10
- version/squid web proxy cache/3.2.11
- version/squid web proxy cache/3.2.12
- version/squid web proxy cache/3.2.13
- version/squid web proxy cache/3.3.0
- version/squid web proxy cache/3.3.0.1
- version/squid web proxy cache/3.3.0.2
- version/squid web proxy cache/3.3.0.3
- version/squid web proxy cache/3.3.1
- version/squid web proxy cache/3.3.2
- version/squid web proxy cache/3.3.3
- version/squid web proxy cache/3.3.4
- version/squid web proxy cache/3.3.5
- version/squid web proxy cache/3.3.6
- version/squid web proxy cache/3.3.7
- version/squid web proxy cache/3.3.8
- version/squid web proxy cache/3.3.9
- version/squid web proxy cache/3.3.10
- version/squid web proxy cache/3.3.11
- version/squid web proxy cache/3.3.12
- version/squid web proxy cache/3.3.13
- version/squid web proxy cache/3.3.14
- version/squid web proxy cache/3.4.0.1
- version/squid web proxy cache/3.4.0.2
- version/squid web proxy cache/3.4.0.3
- version/squid web proxy cache/3.4.1
- version/squid web proxy cache/3.4.2
- version/squid web proxy cache/3.4.3
- version/squid web proxy cache/3.4.4
- version/squid web proxy cache/3.4.4.1
- version/squid web proxy cache/3.4.4.2
- version/squid web proxy cache/3.4.8
- version/squid web proxy cache/3.4.9
- version/squid web proxy cache/3.4.10
- version/squid web proxy cache/3.4.11
- version/squid web proxy cache/3.4.12
- version/squid web proxy cache/3.4.13
- version/squid web proxy cache/3.4.14
- version/squid web proxy cache/3.5.0.1
- version/squid web proxy cache/3.5.0.2
- version/squid web proxy cache/3.5.0.3
- version/squid web proxy cache/3.5.0.4
- version/squid web proxy cache/3.5.1
- version/squid web proxy cache/3.5.2
- version/squid web proxy cache/3.5.3
- version/squid web proxy cache/3.5.4
- version/squid web proxy cache/3.5.5
- version/squid web proxy cache/3.5.6
- version/squid web proxy cache/3.5.7
- version/squid web proxy cache/3.5.8
- version/squid web proxy cache/3.5.9
- version/squid web proxy cache/3.5.10
- version/squid web proxy cache/3.5.11
- version/squid web proxy cache/3.5.12
- version/squid web proxy cache/3.5.13
- version/squid web proxy cache/3.5.14
- version/squid web proxy cache/3.5.15
- version/squid web proxy cache/3.5.16
- version/squid web proxy cache/4.0.1
- version/squid web proxy cache/4.0.2
- version/squid web proxy cache/4.0.3
- version/squid web proxy cache/4.0.4
- version/squid web proxy cache/4.0.5
- version/squid web proxy cache/4.0.6
- version/squid web proxy cache/4.0.7
- version/squid web proxy cache/4.0.8
- vendor/oracle
- canonical/oracle linux
- version/oracle linux/6
- version/oracle linux/7
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.10
- version/ubuntu/16.04