CVE ID | CVE-2018-1172 |
CVSS SCORE | 7.8, AV:N/AC:L/Au:N/C:N/I:N/A:C |
AFFECTED VENDORS |
The Squid Software Foundation |
AFFECTED PRODUCTS |
Squid |
VULNERABILITY DETAILS |
The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. |
ADDITIONAL DETAILS |
The Squid Software Foundation has issued an update to correct this vulnerability. More details can be found at:
http://www.squid-cache.org/Advisories/SQUID-2018_3.txt |
DISCLOSURE TIMELINE |
|
CREDIT | Michael Marshall of Trend Micro |