vulnerability

FreeBSD: squid -- remote DoS in HTTP response processing (Multiple CVEs)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Feb 24, 2016	Feb 25, 2016	Jul 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Feb 24, 2016

Added

Feb 25, 2016

Modified

Jul 28, 2025

Description

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Solution

freebsd-upgrade-package-squid

References

CVE-2016-2569
https://attackerkb.com/topics/CVE-2016-2569
CVE-2016-2570
https://attackerkb.com/topics/CVE-2016-2570
CVE-2016-2571
https://attackerkb.com/topics/CVE-2016-2571
URL-http://www.openwall.com/lists/oss-security/2016/02/24/12
URL-http://www.squid-cache.org/Advisories/SQUID-2016_2.txt

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today