{
  "threat_severity" : "Moderate",
  "public_date" : "2016-04-20T00:00:00Z",
  "bugzilla" : {
    "description" : "squid: buffer overflow in cachemgr.cgi",
    "id" : "1329126",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1329126"
  },
  "cvss" : {
    "cvss_base_score" : "5.1",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-122",
  "details" : [ "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.", "A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-05-31T00:00:00Z",
    "advisory" : "RHSA-2016:1138",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "squid-7:3.1.23-16.el6_8.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-05-31T00:00:00Z",
    "advisory" : "RHSA-2016:1140",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "squid34-7:3.4.14-9.el6_8.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-05-31T00:00:00Z",
    "advisory" : "RHSA-2016:1139",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "squid-7:3.3.8-26.el7_2.3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-4051\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-4051\nhttp://www.squid-cache.org/Advisories/SQUID-2016_5.txt" ],
  "name" : "CVE-2016-4051",
  "csaw" : false
}