CVSS: 4.0EPSS: 15%CPEs: 46EXPL: 0CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://osvdb.org/62044 http://secunia.com/advisories/38451 http://secunia.com/advisories/38455 http://www.securityfocus.com/bid/37522 http://www.securitytracker.com/id?1023520 http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www. • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1612 – squid: regression in SQUID-2007:2 / CVE-2007-6239
https://notcve.org/view.php?id=CVE-2008-1612
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. La función arrayShrink (lib/Array.c) en Squid 2.6.STABLE17 permite a atacantes provocar una denegación de servicio (terminación del proceso) a través de vectores desconocidos que provocan que un array se inicialice a 0 entradas, lo cual dispara un error de confirmación. NOTA: este problema se debe a un parche incompleto para CVE-2007-6239. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://marc.info/?l=squid-announce&m=120614453813157&w=2 http://secunia.com/advisories/27477 http://secunia.com/advisories/29813 http://secunia.com/advisories/30032 http://secunia.com/advisories/32109 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.debian.org/security/2008/dsa-1646 http://www.mandriva.com/security/advisories?name=MDVSA-2008:134 http:&# • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 94%CPEs: 11EXPL: 0CVE-2007-1560
https://notcve.org/view.php?id=CVE-2007-1560
The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error. La función clientProcessRequest() en el archivo src/client_side.c en Squid versiones 2.6 anteriores a 2.6.STABLE12, permite a atacantes remotos causar una denegación de servicio (bloqueo del demonio) por medio de peticiones TRACE creadas que desencadenan un error de aserción. • http://secunia.com/advisories/24611 http://secunia.com/advisories/24614 http://secunia.com/advisories/24625 http://secunia.com/advisories/24662 http://secunia.com/advisories/24911 http://security.gentoo.org/glsa/glsa-200703-27.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:068 http://www.novell.com/linux/security/advisories/2007_5_sr.html http://www.redhat.com/support/errata/RHSA-2007-0131.html http://www.securityfocus.com/bid/23085 http://www.securitytr •
CVSS: 5.0EPSS: 32%CPEs: 1EXPL: 0CVE-2007-0248
https://notcve.org/view.php?id=CVE-2007-0248
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop. La función aclMatchExternal en Squid anterior a 2.6.STABLE7 permite a atacantes remotos provocar una denegación de servicio (caída) provocando una sobrecarga de la cola external_acl, lo cual provoca un bucle infinito. • http://secunia.com/advisories/23767 http://secunia.com/advisories/23805 http://secunia.com/advisories/23889 http://secunia.com/advisories/23921 http://secunia.com/advisories/23946 http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:026 http://www.novell.com/linux/security/advisories/2007_12_squid.html http://www.securityfocus.com/bid/22203 http://www.squid-cache.org/Versions/v2/2.6/squid-2.6.STABLE7-R •
CVSS: 5.0EPSS: 97%CPEs: 6EXPL: 1CVE-2007-0247 – Squid Proxy 2.5/2.6 - FTP URI Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-0247
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions. El archivo squid/src/ftp.c en Squid versiones anteriores a 2.6.STABLE7, permite a los servidores FTP remotos causar una denegación de servicio (volcado del núcleo) por medio de respuestas de enumeración de directorio FTP, posiblemente relacionadas con las funciones (1) ftpListingFinish y (2) ftpHtmlifyListEntry. • https://www.exploit-db.com/exploits/29473 http://fedoranews.org/cms/node/2442 http://osvdb.org/39839 http://secunia.com/advisories/23767 http://secunia.com/advisories/23805 http://secunia.com/advisories/23810 http://secunia.com/advisories/23837 http://secunia.com/advisories/23889 http://secunia.com/advisories/23921 http://secunia.com/advisories/23946 http://www.gentoo.org/security/en/glsa/glsa-200701-22.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007 • CWE-399: Resource Management Errors •