CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Feb 2024 — Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squ... • https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817 • CWE-182: Collapse of Data into Unsafe Value, CWE-400: Uncontrolled Resource Consumption

CVSS: 8.6 • EPSS: 2% • CPEs: 1 • EXPL: 0

04 Dec 2023 — Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug, Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch • CWE-125: Out-of-bounds Read, CWE-126: Buffer Over-read

CVSS: 8.6 • EPSS: 3% • CPEs: 1 • EXPL: 0

04 Dec 2023 — Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug, Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch • CWE-253: Incorrect Check of Function Return Value, CWE-617: Reachable Assertion, CWE-754: Improper Check for Unusual or Exceptional Conditions

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Nov 2023 — Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses that trigger this bug can be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. • https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 • CWE-476: NULL Pointer Dereference

CVSS: 7.8 • EPSS: 2% • CPEs: 5 • EXPL: 0

03 Nov 2023 — Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or... • https://access.redhat.com/errata/RHSA-2023:7465 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 6.5 • EPSS: 4% • CPEs: 5 • EXPL: 0

28 May 2021 — Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. • http://seclists.org/fulldisclosure/2023/Oct/14 • CWE-20: Improper Input Validation

CVSS: 6.8 • EPSS: 0% • CPEs: 6 • EXPL: 1

26 May 2021 — An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. • http://seclists.org/fulldisclosure/2023/Oct/14 • CWE-401: Missing Release of Memory after Effective Lifetime

CVSS: 6.5 • EPSS: 2% • CPEs: 7 • EXPL: 1

26 May 2021 — An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. • http://seclists.org/fulldisclosure/2023/Oct/14 • CWE-190: Integer Overflow or Wraparound

CVSS: 6.5 • EPSS: 88% • CPEs: 7 • EXPL: 1

26 May 2021 — An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. • https://packetstorm.news/files/id/180526 • CWE-20: Improper Input Validation, CWE-116: Improper Encoding or Escaping of Output

CVSS: 7.5 • EPSS: 3% • CPEs: 7 • EXPL: 1

26 May 2021 — An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. • http://seclists.org/fulldisclosure/2023/Oct/14 • CWE-400: Uncontrolled Resource Consumption, CWE-401: Missing Release of Memory after Effective Lifetime