Published: 27 February 2016
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
CVSS 3 base score: 7.5
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)|Does not exist (trusty was ignored)|
needs substantial backporting
introduced a regression in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816601
There are no current plans to fix this CVE in Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.