CVE-2016-4053

Publication date 25 April 2016

Last updated 25 August 2025

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

3.7 · Low

Score breakdown

Description

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.

Read the notes from the security team

Status

Package Ubuntu Release Status
squid3 16.04 LTS xenial
Fixed 3.5.12-1ubuntu7.2
15.10 wily
Fixed 3.3.8-1ubuntu16.3
14.04 LTS trusty
Fixed 3.3.8-1ubuntu6.8
12.04 LTS precise
Fixed 3.1.19-1ubuntu3.12.04.7

Notes

mdeslaur

same patches as CVE-2016-4052

Severity score breakdown

CVSS version: CVSS v3.0

Base score 3.7 · Low

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

Related Ubuntu Security Notices (USN)

Other references

Access our resources on patching vulnerabilities