CVE-2018-1172

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.

Published : 2018-05-16 21:29 Updated : 2019-10-09 23:38

4.3
CVSS Score More info
Score 4.3 / 10
4.3
Vendor Product Version URI
Squid-cache Squid 3.5.27 cpe:/a:squid-cache:squid:3.5.27
  1. Squid-cache (1) Search CVE
    1. Squid (1) Search CVE
      1. 3.5.27

CWE

ID Name Description Links
CWE-476 NULL Pointer Dereference A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. CVE

History of changes

Date Event
2018-06-19 18:22
2018-05-16 21:29

New CVE