Stack-based buffer overflows in Squid 3.x and 4.x via crafted Edge Side Includes (ESI) responses

Stack-based buffer overflows in Squid 3.x and 4.x via crafted Edge Side Includes (ESI) responses

CVE-2016-4052 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

Learn more about our Cis Benchmark Audit For Server Software.