Medium severity5.9NVD Advisory· Published May 16, 2018· Updated Jun 17, 2026
CVE-2018-1172
CVE-2018-1172
Description
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: =3.5.27-20180318
- osv-coords5 versionspkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweedpkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 4.16-1.5+ 4 more
- (no CPE)range: < 4.16-1.5
- (no CPE)range: < 3.1.23-8.16.37.6.1
- (no CPE)range: < 3.1.23-8.16.37.6.1
- (no CPE)range: < 3.5.21-26.9.1
- (no CPE)range: < 3.5.21-26.9.1
- Range: 3.5.27-20180318
Patches
Vulnerability mechanics
References
2- www.squid-cache.org/Advisories/SQUID-2018_3.txtnvdVendor Advisory
- zerodayinitiative.com/advisories/ZDI-18-309nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.