CVE-2016-2390

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type

GIT

Repo

https://github.com/squid-cache/squid

Events

Introduced

Last affected

1988de5bff40bc85b8d0d95298fc4715c19f2d56

Last affected

78121f9a195344616290ecdd4f7f9dd521daaf1a

Last affected

ff87fda5fe2e205785b15ebdb243ad812effc981

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.13"
        },
        {
            "last_affected": "4.0.4"
        },
        {
            "last_affected": "4.0.5"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": [
        "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
        "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*"
    ]
}

Affected versions

Other

HISTORIC_RELEASES

SQUID_3_0_PRE1

SQUID_3_0_PRE2

SQUID_3_0_PRE3

SQUID_3_0_PRE4

SQUID_3_0_PRE5

SQUID_3_0_PRE6

SQUID_3_0_PRE7

SQUID_3_0_RC1

SQUID_3_5_0_1

SQUID_3_5_0_2

SQUID_3_5_0_3

SQUID_3_5_0_4

SQUID_3_5_1

SQUID_3_5_10

SQUID_3_5_11

SQUID_3_5_12

SQUID_3_5_13

SQUID_3_5_2

SQUID_3_5_3

SQUID_3_5_4

SQUID_3_5_5

SQUID_3_5_6

SQUID_3_5_7

SQUID_3_5_8

SQUID_3_5_9

SQUID_4_0_1

SQUID_4_0_2

SQUID_4_0_3

SQUID_4_0_4

SQUID_4_0_5

take00

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-2390.json"