CVE-2016-4052

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-4052
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4052.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-4052
Downstream
Related
Published
2016-04-25T14:59:03.313Z
Modified
2025-11-14T04:41:10.717404Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
010a096fd7a7b777b0829b9451041bd29e1c9ab7
Last affected
02da80202eba6065610edfec867e0df5f7ee24e3
Last affected
03b30ca2ccb07c86f90436cdf908aaa600a3d2d5
Last affected
04c6f6c989fb0083b3b10adfe2f438b6781c43bd
Last affected
082d319afdcea8063d66a4d62305a46f643e0ecf
Last affected
08bb741d3d3860c4cceaf8b975ae30a043c4cc0b
Last affected
0a86601658fe06bf7c2dd39dc742078b41100082
Last affected
0c8347ccf393a39e2f2b932af5617383355a9205
Last affected
1243ec712bf76c549ba7f48fcdc30d98ce550449
Last affected
1294bc0ba91589f22976aa613a9d187eb9a8b458
Last affected
146dff1641e1cafffc42f1e64585ef40279748ea
Last affected
16aeb23e632cbdb9fbacecf3e0810d15fa5be6ce
Last affected
1968c994fc58a4414ae9b7a749572637b570ed43
Last affected
1988de5bff40bc85b8d0d95298fc4715c19f2d56
Last affected
20635298cbb2c4174aef47bf28abca3fd41f29e9
Last affected
2379f8704e576bf973d6369db033f8c31ace79b9
Last affected
23d36dbdc71f7eb62bfa02ee64a57c1e1200ec20
Last affected
24c69e209196c89b964ac9ac24111a8e881caff2
Last affected
24c941823519e4a5fd50f847869633df59cb3c8a
Last affected
2552ca552397fb9d23f06d4f1211c505205aee95
Last affected
25becf82ca7fd514c1bf89e90507afec99b41f63
Last affected
27badc1d246bcb465276aae46e474f1b5b4c1a36
Last affected
296a5a06290b6f9eea36945c6c35c606a4302227
Last affected
2a255c860c579b7a25a2b537872e0dcce7983821
Last affected
2e56d9ec0224e36cfa30da316ed26e7dd0967d25
Last affected
2f6650dc3d4b16a34963212a0f412ad4f90c9dc7
Last affected
35fc2c85bf61d6e0b1466bcceaeb952f41f273f8
Last affected
360ef302a7a4f2a23b29105442c2bd94525ba862
Last affected
364504efcfb3e54d8f9cd5da2fda27141e19a52c
Last affected
3749964e79716534b3226d35e1f67072c5b11272
Last affected
3c8b5c1e8ee8b5b0dce5671331298add54884d45
Last affected
3e26877ad7d95be6d03eafa6c649ac5719a9b7b8
Last affected
3eec572903c26cd1bdc5f81bdf4040d72cf3e8cb
Last affected
404063c59bb4ffa6c5a005611c4375f82ddd423f
Last affected
40fc2c6d9dbafc52852ab7752a3b70997513d09b
Last affected
43414554f57678ebae84ab3ede007a42fec099d2
Last affected
47b0a53c8c18b171262ebb7825be13dcc2a95b0e
Last affected
4bc04e53dfa4c3e88866a320282247ded45981b3
Last affected
51542de4b7ec5b9f615064d6ec1f2db8f5dc46eb
Last affected
531519b20df4d09be74eab8b1f28fcb8324e195c
Last affected
587ca2b7953baf346198c97eb8e4b5ae613c2054
Last affected
5a1755ec4d32e77df4a6df656ecd36c3cf9ce474
Last affected
5f8b1ebe2c1074e3bef1ad4b1acdeddacf8d3182
Last affected
6016af25b74da90a8fd112dc9c077986bcdae24b
Last affected
617f74d77bbfc48df25606ea1846929ed6a38677
Last affected
651b12950fdc2c2a71c1115eeabb6e9eaf7f5756
Last affected
65418ee141d3b82e4fd951b3a204234940c75b74
Last affected
66bd07b5f597756ab11c8747568f5dacf301886a
Last affected
67d28ab2063f8e60af7287bee0214c009f170670
Last affected
681f2679de484873d5f6a69a326c088b6161dcc0
Last affected
69b6459b1fed89686d173367cb1088b230e857ab
Last affected
6a4ea9c96ddedea6b76ce4f0f58e19065a5ded39
Last affected
6a70bd5a2e51e8c5686b8d18a59ce285699d8a68
Last affected
6ab1e7863a3c51542b6686e59a9f1aec3d3a1e30
Last affected
6c4d7196d05c95c406bafce712c8768cc8dc3beb
Last affected
6c96b8428e9d7ef68381d0728140a868210108e2
Last affected
6cf3ab45966cec5eff37ee1cb7d073ba6ed41049
Last affected
6df20824764501aa044f228cf232ab9062f5b2e2
Last affected
6ec68eb9be41795e50f52f88236f5415db48193a
Last affected
733ce6a2620375881170aa52fe3474805f257580
Last affected
76249d3f79580a0fb63d3e91cf6826e297b87d6e
Last affected
7647f4f93651255bfcfb949fcee57cfc731df273
Last affected
78121f9a195344616290ecdd4f7f9dd521daaf1a
Last affected
78749a65bbba65cd9a8853cbb02bfe601eaec303
Last affected
7a6d23ae1fe70d8a7b7e69b4b8796c2b7178d038
Last affected
7ab566ae2ba925178dd0d11d7f54b419cc5649f5
Last affected
7b4d0c3d7446d4913510fd603fa93b8853eac2a0
Last affected
7f53f09fb9dc2d6ac4f49ceae514ad6488e2600e
Last affected
836d89d797525a355b611c32fdbde8a4bbe7bbeb
Last affected
83f1f03412750fdd98b5219ff5829cd4e319a1b3
Last affected
8816ba52ddc4db01bb25713629a00d94a63bf817
Last affected
88afacefb6e9f0f142711a89695ce778bf246903
Last affected
8c0b9db4ff4f717a4017dfe88e5aa7f28f1215a3
Last affected
8e52b29f21ff2386f81710f0d4b9f9be5d13888d
Last affected
8e97e5a6b3dd15d3bd821e45a8472b532c6e858f
Last affected
97f9388a0edced1b168f57afaa6fe54b135dccc9
Last affected
9f3d27fcb040743317ee1103fdafa3b1dbbef666
Last affected
a214cc234b1f283cec7dbae50ea063c9f94c68d7
Last affected
a4be9cebc528a8a0c3be80207dc8a1e4dca22b68
Last affected
ac98a7060f6e8fa803b3aedd39de3a28a0aa8b68
Last affected
ad9138909421de63e9e707b661c47c182353af5d
Last affected
ae554264dd1549228e1975381ebef202c90b3a57
Last affected
af550ae944efbe50221fa9080d0eb17b724a743e
Last affected
afab0d62db7bdab084b051a604dc553063c32d79
Last affected
b2b5b5c9a70a189e92a23ef9f77fe84748b25434
Last affected
b59f0c8802d10b86bffea3aaaa5ae135c087b179
Last affected
b6bc3157c337458cd6615fd2120fa5446f82d1c3
Last affected
b76510325f9d9f91e6f08e93c52e2ad9b276ec05
Last affected
b7a7e8e9b9c745c7b04760a83d4574269c575771
Last affected
ba3f001ccb3459f706b9df20bd57aef8b034c9b5
Last affected
ba687e7081c71dd75fd6d634ec428fa7a95d8e00
Last affected
bb64fbe2f0dbdd58cbd8c19125317e3f9a894812
Last affected
bd495cabb0f4ba8013d61151abe70739cda37de1
Last affected
bf3b112b28b5789f045d8e018c4760d310e4793c
Last affected
c4500670f0bd4a81a7f7326e3649045c94d81b88
Last affected
c4ecbb30535dbec6286394d57eeb344d29f0ec9b
Last affected
c77f389a5f9592bd75db8c38f892f20ffa2ce7d4
Last affected
c99c18e5227b44fab04116594eef2d27f500304e
Last affected
c9e6a7b0267a3e584887e844a8abecc256bc3ae7
Last affected
cb560aedeb583a00794273bc10d5f7d1e5ce81fa
Last affected
cdd2b85d95b47a2da7142d20523c8559c28b6eb6
Last affected
cf73f53b2dec9ad09a5ec0bb9c56693a405c5422
Last affected
d0c5f7632ab816ad9074dfce4839398b1bfd507f
Last affected
d2edfc21f126191c4ba7904f9b1ca9bcf242420f
Last affected
d407a9994916d494e0e2866ec640f5804dd45ab0
Last affected
d44bfdad9b76753c27deaa3e9902aec465505e02
Last affected
d66163d55648b4be88a8b6be0714a96db21d09ca
Last affected
d67e4e01e5c7ba25f6f338db7e25676d3d056547
Last affected
d6943a41c4c80e344a1b45ffca016cbdb6b459de
Last affected
d69a09280f949ccbde09bbd3323e705dde93c780
Last affected
d99a9e47ba552b46a7ee25bec81a81925ccf7707
Last affected
da76fd895865124c20b2fccfed8a377c7806adfa
Last affected
dad5203230fbbbd55ace819d3860be74eac2c04b
Last affected
dcd00840fc81f8f3dbff4deb1285561a5ee83632
Last affected
e1a069368123cdb1bcc4a741810e659e47e74087
Last affected
ea532ad2c107f5e7c411cf50da2398528f7d8197
Last affected
eb029f8b5ed4df5f533f71576d966c7f87bdd627
Last affected
ed419f2eeb6fa1993633e87444e37ff05b0678e5
Last affected
ed4ee52aa6f17203eccbf06fb42bed6113739831
Last affected
f156a03afa4fa390164a68fc4f8cabf8aa1ce327
Last affected
f188960023551b2e9cb2a9df245b92bfeef37056
Last affected
f1d764835fcbeefdd3c20d29f187d0d14f3ed6b3
Last affected
f3ed5e9ed6e060862ba73b7c1991b94bed7330f5
Last affected
f5430fb355860dc9405a97919e534777819dea31
Last affected
f6bc541ced45fd5dd7414aba533ef7f210313668
Last affected
f70ddc104739d2abe80d9cd80e4365737b90731b
Last affected
f8c5f533ae65a6798c629cf4f3fe84002710a21f
Last affected
f8fd344c591b9d6de2b44d9693be47c6b7989116
Last affected
fa511ad17a593a064e660728d7b5af1805e751c3
Last affected
faa83934a89a6a708cd823b69b3bee4fc59847f4
Last affected
fae31c564679618a68d81f2014fd19cd7a48ecca
Last affected
fb6ff7ef8fab0384a16878b826fd7eb0f92a8203
Last affected
fb8d617cdce0c34be0535a008bf071de251a8a35
Last affected
fbb42e9343bb46531abda92f0f8502d8d634bdfa
Last affected
fe18eb28a0f32d879d0b99d26a1b97c54ee993eb
Last affected
ff57826cea2f97c47cee95241adc7193f96b089d
Last affected
ff59ac0fba145467c8e362418e5f8ecd7c5a1770
Last affected
ff87fda5fe2e205785b15ebdb243ad812effc981

Affected versions

Other

BASIC_TPROXY4
HISTORIC_RELEASES
SQUID_3_0_PRE1
SQUID_3_0_PRE2
SQUID_3_0_PRE3
SQUID_3_0_PRE4
SQUID_3_0_PRE5
SQUID_3_0_PRE6
SQUID_3_0_PRE7
SQUID_3_0_RC1
SQUID_3_1_0_1
SQUID_3_1_0_10
SQUID_3_1_0_11
SQUID_3_1_0_12
SQUID_3_1_0_13
SQUID_3_1_0_14
SQUID_3_1_0_2
SQUID_3_1_0_3
SQUID_3_1_0_4
SQUID_3_1_0_5
SQUID_3_1_0_6
SQUID_3_1_0_7
SQUID_3_1_0_8
SQUID_3_1_0_9
SQUID_3_2_0_1
SQUID_3_3_0_1
SQUID_3_3_0_2
SQUID_3_3_0_3
SQUID_3_3_1
SQUID_3_3_2
SQUID_3_3_3
SQUID_3_3_4
SQUID_3_4_0_1
SQUID_3_4_0_2
SQUID_3_4_0_3
SQUID_3_4_1
SQUID_3_4_2
SQUID_3_4_3
SQUID_3_4_4
SQUID_3_5_0_1
SQUID_3_5_0_2
SQUID_3_5_0_3
SQUID_3_5_0_4
SQUID_3_5_1
SQUID_3_5_10
SQUID_3_5_11
SQUID_3_5_12
SQUID_3_5_13
SQUID_3_5_14
SQUID_3_5_15
SQUID_3_5_16
SQUID_3_5_2
SQUID_3_5_3
SQUID_3_5_4
SQUID_3_5_5
SQUID_3_5_6
SQUID_3_5_7
SQUID_3_5_8
SQUID_3_5_9
SQUID_4_0_1
for-libecap-v0p1
merge-candidate-3-v1
merge-candidate-3-v2
sourceformat-review-1
take00
take01
take02
take03
take04
take06
take07
take08
take09
take1
take2

BumpSslServerFirst.*

BumpSslServerFirst.take01
BumpSslServerFirst.take02
BumpSslServerFirst.take03
BumpSslServerFirst.take04
BumpSslServerFirst.take05
BumpSslServerFirst.take06
BumpSslServerFirst.take07
BumpSslServerFirst.take08
BumpSslServerFirst.take09
BumpSslServerFirst.take10

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4052.json"