Page 8 of 72 results (0.007 seconds)

CVSS: 7.5EPSS: 95%CPEs: 143EXPL: 1

CVE-2016-2569 – squid: some code paths fail to check bounds in string object

https://notcve.org/view.php?id=CVE-2016-2569

27 Feb 2016 — Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no añade datos a objetos String adecuadamente, lo que permite a servidores remotos provocar una denegación de servicio (error de aserción y salida de demonio) a través de una cad... • https://github.com/amit-raut/CVE-2016-2569 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 7.5EPSS: 62%CPEs: 143EXPL: 0

CVE-2016-2571 – squid: wrong error handling for malformed HTTP responses

https://notcve.org/view.php?id=CVE-2016-2571

27 Feb 2016 — http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. http.cc en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 procede con el almacenamiento de ciertos datos después de un fallo de respuesta de análisis, lo que permite a servidores HTTP remotos provocar una denegación de ser... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-228: Improper Handling of Syntactically Invalid Structure •