CVE-2016-2570 – squid: some code paths fail to check bounds in string object
https://notcve.org/view.php?id=CVE-2016-2570
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. El analizador de Edge Side Includes (ESI) en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no comprueba los limites del buffer durante el análisis gramatical XML, lo que permite a servidores HTTP remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un documento XML manipulado, relacionado con esi/CustomParser.cc y esi/CustomParser.h. Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://rhn.redhat.com/errata/RHSA-2016-2600.html http://www.openwall.com/lists/oss-security/2016/02/26/2 http://www.securitytracker.com/id/1035101 http://www.squid-cache.org/Advisories/SQUID-2016_2.txt http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVE-2016-2571 – squid: wrong error handling for malformed HTTP responses
https://notcve.org/view.php?id=CVE-2016-2571
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. http.cc en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 procede con el almacenamiento de ciertos datos después de un fallo de respuesta de análisis, lo que permite a servidores HTTP remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal formada. It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://rhn.redhat.com/errata/RHSA-2016-2600.html http://www.debian.org/security/2016/dsa-3522 http://www.openwall.com/lists/oss-security/2016/02/26/2 http://www.securitytracker.com/id/1035101 http://www.squid-cache.org/Advisories/SQUID-2016_2.txt http://www.s • CWE-20: Improper Input Validation CWE-228: Improper Handling of Syntactically Invalid Structure •
CVE-2015-5400
https://notcve.org/view.php?id=CVE-2015-5400
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. Vulnerabilidad en Squid en versiones anteriores a 3.5.6, no maneja adecuadamente las respuestas de pares del método CONNECT cuando se configura con cache_peer, lo que permite a atacantes remotos eludir las restricciones previstas y obtener acceso a un proxy backend a través de una solicitud CONNECT. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html http://www.debian.org/security/2015/dsa-3327 http://www.openwall.com/lists/oss-security/2015/07/06/8 http://www.openwall.com/lists/oss-security/2015/07/09/12 http://www.openwall.com/lists • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-7141
https://notcve.org/view.php?id=CVE-2014-7141
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet. El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída) a través de un tipo manipulado en un paquete (1) ICMP o (2) ICMP6. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://seclists.org/oss-sec/2014/q3/539 http://seclists.org/oss-sec/2014/q3/612 http://seclists.org/oss-sec/2014/q3/626 http://secunia.com/advisories/60242 http://ubuntu.com/usn/usn-2422-1 http://www.securityfocus.com/bid/69688 http://www.squid-cache.org/Advisories/SQUID-2014_4.txt https://bugzilla.novell.com/ • CWE-19: Data Processing Errors •
CVE-2014-7142
https://notcve.org/view.php?id=CVE-2014-7142
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (caída) a través de un tamaño de paquete (1) ICMP o (2) ICMP6 manipulado. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://seclists.org/oss-sec/2014/q3/539 http://seclists.org/oss-sec/2014/q3/613 http://seclists.org/oss-sec/2014/q3/626 http://secunia.com/advisories/60242 http://ubuntu.com/usn/usn-2422-1 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/70022 http://www. • CWE-20: Improper Input Validation •