{"id":"CVE-2016-2390","details":"The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.","modified":"2026-04-10T03:49:01.593061Z","published":"2016-04-19T21:59:07.957Z","related":["SUSE-SU-2016:2089-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"},{"type":"WEB","url":"http://www.securitytracker.com/id/1035045"},{"type":"WEB","url":"http://bugs.squid-cache.org/show_bug.cgi?id=4437"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"},{"type":"ADVISORY","url":"http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html"},{"type":"ADVISORY","url":"http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html"},{"type":"ADVISORY","url":"http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/squid-cache/squid","events":[{"introduced":"0"},{"last_affected":"1988de5bff40bc85b8d0d95298fc4715c19f2d56"},{"introduced":"0"},{"last_affected":"78121f9a195344616290ecdd4f7f9dd521daaf1a"},{"introduced":"0"},{"last_affected":"ff87fda5fe2e205785b15ebdb243ad812effc981"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.5.13"},{"introduced":"0"},{"last_affected":"4.0.4"},{"introduced":"0"},{"last_affected":"4.0.5"}]}}],"versions":["HISTORIC_RELEASES","SQUID_3_0_PRE1","SQUID_3_0_PRE2","SQUID_3_0_PRE3","SQUID_3_0_PRE4","SQUID_3_0_PRE5","SQUID_3_0_PRE6","SQUID_3_0_PRE7","SQUID_3_0_RC1","SQUID_3_5_0_1","SQUID_3_5_0_2","SQUID_3_5_0_3","SQUID_3_5_0_4","SQUID_3_5_1","SQUID_3_5_10","SQUID_3_5_11","SQUID_3_5_12","SQUID_3_5_13","SQUID_3_5_2","SQUID_3_5_3","SQUID_3_5_4","SQUID_3_5_5","SQUID_3_5_6","SQUID_3_5_7","SQUID_3_5_8","SQUID_3_5_9","SQUID_4_0_1","SQUID_4_0_2","SQUID_4_0_3","SQUID_4_0_4","SQUID_4_0_5","take00"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2390.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}