Unrated severityNVD Advisory· Published Feb 9, 2018· Updated Aug 5, 2024

CVE-2018-1000027

Description

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

The Squid Software Foundation/The Squid Software Foundation Squidllm-fuzzy
Range: <4.0.23
osv-coords8 versions
pkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweed pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2 pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2 pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 4.16-1.5+ 7 more
- (no CPE)range: < 4.16-1.5
- (no CPE)range: < 3.1.23-8.16.37.3.1
- (no CPE)range: < 3.1.23-8.16.37.3.1
- (no CPE)range: < 3.5.21-26.6.1
- (no CPE)range: < 3.5.21-26.6.1
- (no CPE)range: < 3.5.21-26.6.1
- (no CPE)range: < 3.5.21-26.6.1
- (no CPE)range: < 3.5.21-26.6.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

usn.ubuntu.com/3557-1/mitrevendor-advisoryx_refsource_UBUNTU
usn.ubuntu.com/4059-2/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2018/dsa-4122mitrevendor-advisoryx_refsource_DEBIAN
www.squid-cache.org/Advisories/SQUID-2018_2.txtmitrex_refsource_CONFIRM
www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patchmitrex_refsource_CONFIRM
www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patchmitrex_refsource_CONFIRM
github.com/squid-cache/squid/pull/129/filesmitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2018/02/msg00001.htmlmitremailing-listx_refsource_MLIST
lists.debian.org/debian-lts-announce/2018/02/msg00002.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.011
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000