CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://osvdb.org/62044 http://secunia.com/advisories/38451 http://secunia.com/advisories/38455 http://www.securityfocus.com/bid/37522 http://www.securitytracker.com/id?1023520 http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www. • CWE-20: Improper Input Validation •
CVE-2008-1612 – squid: regression in SQUID-2007:2 / CVE-2007-6239
https://notcve.org/view.php?id=CVE-2008-1612
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. La función arrayShrink (lib/Array.c) en Squid 2.6.STABLE17 permite a atacantes provocar una denegación de servicio (terminación del proceso) a través de vectores desconocidos que provocan que un array se inicialice a 0 entradas, lo cual dispara un error de confirmación. NOTA: este problema se debe a un parche incompleto para CVE-2007-6239. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://marc.info/?l=squid-announce&m=120614453813157&w=2 http://secunia.com/advisories/27477 http://secunia.com/advisories/29813 http://secunia.com/advisories/30032 http://secunia.com/advisories/32109 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.debian.org/security/2008/dsa-1646 http://www.mandriva.com/security/advisories?name=MDVSA-2008:134 http: • CWE-20: Improper Input Validation •
CVE-2007-6239 – squid: DoS in cache updates
https://notcve.org/view.php?id=CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. La funcionalidad de "cache update reply processing" en Squid versiones 2.x anteriores a 2.6.STABLE17 y Squid versión 3.0, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de vectores desconocidos relacionados con encabezados HTTP y una pérdida de memoria de Matriz durante las peticiones de objetos en caché. • http://bugs.gentoo.org/show_bug.cgi?id=201209 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://secunia.com/advisories/27910 http://secunia.com/advisories/28091 http://secunia.com/advisories/28109 http://secunia.com/advisories/28350 http://secunia.com/advisories/28381 http://secunia.com/advisories/28403 http://secunia.com/advisories/28412 http://secunia.com/advisories/28814 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/ • CWE-20: Improper Input Validation •
CVE-2007-1560
https://notcve.org/view.php?id=CVE-2007-1560
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. La función clientProcessRequest() en el archivo src/client_side.c en Squid versiones 2.6 anteriores a 2.6.STABLE12, permite a atacantes remotos causar una denegación de servicio (bloqueo del demonio) por medio de peticiones TRACE creadas que desencadenan un error de aserción. • http://secunia.com/advisories/24611 http://secunia.com/advisories/24614 http://secunia.com/advisories/24625 http://secunia.com/advisories/24662 http://secunia.com/advisories/24911 http://security.gentoo.org/glsa/glsa-200703-27.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:068 http://www.novell.com/linux/security/advisories/2007_5_sr.html http://www.redhat.com/support/errata/RHSA-2007-0131.html http://www.securityfocus.com/bid/23085 http://www.securitytr •
CVE-2007-0248
https://notcve.org/view.php?id=CVE-2007-0248
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. La función aclMatchExternal en Squid anterior a 2.6.STABLE7 permite a atacantes remotos provocar una denegación de servicio (caída) provocando una sobrecarga de la cola external_acl, lo cual provoca un bucle infinito. • http://secunia.com/advisories/23767 http://secunia.com/advisories/23805 http://secunia.com/advisories/23889 http://secunia.com/advisories/23921 http://secunia.com/advisories/23946 http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:026 http://www.novell.com/linux/security/advisories/2007_12_squid.html http://www.securityfocus.com/bid/22203 http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-R •