Alpine: multiple squid packages: security update to 3.5.27-r2

high Tenable Cloud Security Plugin ID 424518

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid
Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability.
The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger
the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-
service condition to users of the system. Was ZDI-CAN-6088. (CVE-2018-1172)

- The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a
Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service
for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP
response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed
in 4.0.23 and later. (CVE-2018-1000024)

- The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL
Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in
Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server
responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to
have been fixed in 4.0.23 and later. (CVE-2018-1000027)

See Also

https://security.alpinelinux.org/vuln/CVE-2018-1000024

https://security.alpinelinux.org/vuln/CVE-2018-1000027

https://security.alpinelinux.org/vuln/CVE-2018-1172

Plugin Details

Severity: High

ID: 424518

Version: Revision 1.8

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-1000027

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/23/2018

Reference Information

CVE: CVE-2018-1000024, CVE-2018-1000027, CVE-2018-1172