QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-1172

Back to search

CVE-2018-1172

Published: May 16, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.

VendorProductVersions

The Squid Software Foundation

The Squid Software Foundation Squid

affected
3.5.27-20180318

Weaknesses (CWE)

CWE-476

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now