FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2016-2390

This CVE name corresponds to:

Entered: 2016-02-18
Topic: squid -- SSL/TLS processing remote DoS

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2016-2390
Phase: Assigned (20160216)

Description

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

References

Source Reference
MLIST [squid-announce] 20160216 Squid 3.5.14 is available
MLIST [squid-announce] 20160216 Squid 4.0.6 beta is available
CONFIRM http://bugs.squid-cache.org/show_bug.cgi?id=4437
CONFIRM http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
SECTRACK 1035045