Page 15 of 74 results (0.008 seconds)

CVSS: 5.0EPSS: 9%CPEs: 29EXPL: 0

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. Squid desde v3.0 hasta v3.0.STABLE16 desde v3.1 hasta v3.1.0.11 no cumple adecuadamente con "los limites de búfer y comprobaciones vinculadas," lo que permite a atacantes remotos producir una denegación de servicio a través de (1) una petición incompleta o (2) una petición con un tamaño largo de cabecera, relacionado con (a) HttpMsg.cc y (b) client_side.cc. • http://secunia.com/advisories/36007 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securityfocus.com/bid/35812 http://www.securitytracker.com/id?1022607 http://www.squid-cache.org/Advisories/SQUID-2009_2.txt http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch http://www.vupen.com/english/advisories/2009/2013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 94%CPEs: 22EXPL: 2

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegación de servicio por medio de una petición HTTP con un número de versión no válido, lo que desencadena una aserción accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c. • https://www.exploit-db.com/exploits/8021 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/33731 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 http://www.securityfocus.com/archive/1/500653/100/0/threaded http://www.securityfocus.com/bid/33604 http://www.securitytracker.com/id?1021684 http://www.squid-cache.org/Advisorie • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 20%CPEs: 7EXPL: 0

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. • http://fedoranews.org/updates/FEDORA--.shtml http://marc.info/?l=bugtraq&m=110780531820947&w=2 http://secunia.com/advisories/14076 http://securitytracker.com/id?1013045 http://www.debian.org/security/2005/dsa-667 http://www.kb.cert.org/vuls/id/886006 http://www.mandriva.com/security/advisories?name=MDKSA-2005:034 http://www.novell.com/linux/security/advisories/2005_06_squid.html http://www.osvdb.org/13319 http://www.redhat.com/support/errata/RHSA-2005-060.ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 96%CPEs: 26EXPL: 0

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 http://fedoranews.org/updates/FEDORA--.shtml http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://marc.info/?l=bugtraq&m=109913064629327&w=2 http://secunia.com/advisories/30914 http://secunia.com/advisories/30967 http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml http://www.idefense.com/application& • CWE-399: Resource Management Errors •