Home > Vulnerability Database > CVE-2016-4053

Mend.io Vulnerability Database

CVE-2016-4053

Date: April 25, 2016

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.

Language: C++

Severity Score

3.7

Related Resources (22)

Url: http://www.debian.org/security/2016/dsa-3625

Url: https://security-tracker.debian.org/tracker/CVE-2016-4053

Url: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html

Url: https://access.redhat.com/security/cve/CVE-2016-4053

Url: https://access.redhat.com/errata/RHSA-2016:1140

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2016-4053

Url: http://www.openwall.com/lists/oss-security/2016/04/20/6

Url: http://www.securityfocus.com/bid/91787

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-4053

Url: http://www.securitytracker.com/id/1035647

Url: http://www.openwall.com/lists/oss-security/2016/04/20/9

Url: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt

Url: https://security.gentoo.org/glsa/201607-01

Url: http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html

Url: http://www.securityfocus.com/bid/86788

Url: http://www.ubuntu.com/usn/USN-2995-1

Url: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html

Url: http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html

Url: https://access.redhat.com/errata/RHSA-2016:1138

Url: https://access.redhat.com/errata/RHSA-2016:1139

Url: https://www.mend.io/vulnerability-database/CVE-2016-4053

Severity Score

3.7

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-4053

Date: April 25, 2016

Language: C++

Severity Score

Related Resources (22)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?