CVE-2018-1172

CVE-2018-1172

Vendor The Squid Software Foundation
Product The Squid Software Foundation Squid
Weakness CWE-476
Published May 16, 2018
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.

Key dates

02Disclosure timeline

May 16, 2018 CVE published
August 5, 2024 Record updated