mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 03:02:30 +00:00
879 B
879 B
CVE-2016-2570
Description
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
POC
Reference
- http://www.openwall.com/lists/oss-security/2016/02/26/2
- http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
- https://usn.ubuntu.com/3557-1/
Github
No PoCs found on GitHub currently.