Page 18 of 128 results (0.006 seconds)

CVSS: 5.0EPSS: 94%CPEs: 33EXPL: 0

CVE-2010-0639

https://notcve.org/view.php?id=CVE-2010-0639

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. La función htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versión 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versión 3.0 anterior a 3.0.STABLE24, permite que los atacantes remotos causen una denegación de servicio (desreferencia de puntero NULL y bloqueo del demonio) por medio de paquetes creados hacia el puerto HTCP. • http://bugs.squid-cache.org/show_bug.cgi?id=2858 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html http://osvdb.org/62297 http://secunia.com/advisories/38812 http://www.securityfocus.com/bid/38212 http://www.securitytracker.com/id?1023587 http://www.squid-cache.org/Advisories/SQUID-2010_2.txt http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch http: •

CVSS: 4.0EPSS: 15%CPEs: 46EXPL: 0

CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)

https://notcve.org/view.php?id=CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://osvdb.org/62044 http://secunia.com/advisories/38451 http://secunia.com/advisories/38455 http://www.securityfocus.com/bid/37522 http://www.securitytracker.com/id?1023520 http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www. • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 96%CPEs: 3EXPL: 0

CVE-2009-2855 – squid: DoS (100% CPU use) while processing certain external ACL helper HTTP headers

https://notcve.org/view.php?id=CVE-2009-2855

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. La función strListGetItem en src/HttpHeaderTools.c en Squid v2.7 a permite a los atacantes remotos causar una denegación de servicio a través de una cabecera auth manipulada con ciertos delimitadores coma que lanzan un bucle infinito de llamadas a la función strcspn. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982 http://www.openwall.com/lists/oss-security/2009/07/20/10 http://www.openwall.com/lists/oss-security/2009/08/03/3 http://www.openwall.com/lists/oss-security/2009/08/04/6 http://www.securityfocus.com/bid/36091 http://www.securitytracker.com/id?1022757 http://www.squid-cache.org/bugs/show_bug.cgi?id=2541 http:/&# • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 9%CPEs: 29EXPL: 0

CVE-2009-2621

https://notcve.org/view.php?id=CVE-2009-2621

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. Squid desde v3.0 hasta v3.0.STABLE16 desde v3.1 hasta v3.1.0.11 no cumple adecuadamente con "los limites de búfer y comprobaciones vinculadas," lo que permite a atacantes remotos producir una denegación de servicio a través de (1) una petición incompleta o (2) una petición con un tamaño largo de cabecera, relacionado con (a) HttpMsg.cc y (b) client_side.cc. • http://secunia.com/advisories/36007 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securityfocus.com/bid/35812 http://www.securitytracker.com/id?1022607 http://www.squid-cache.org/Advisories/SQUID-2009_2.txt http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch http://www.vupen.com/english/advisories/2009/2013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 94%CPEs: 29EXPL: 0

CVE-2009-2622

https://notcve.org/view.php?id=CVE-2009-2622

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. Squid desde v3.0 hasta v3.0.STABLE16 y desde v3.1 hasta v3.1.0.11 permite a atacantes remotos producir una denegación de servicio a través de peticiones mal formadas que incluyen (1) "identificador de protocolo perdido o mal utilizado," (2) "valor de estatus perdido o negativo," (3) "versión perdida," o (4) "número de estatus perdido o inválido", relacionado con HttpMsg.cc y (b) HttpReply.cc. • http://secunia.com/advisories/36007 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securityfocus.com/bid/35812 http://www.securitytracker.com/id?1022607 http://www.squid-cache.org/Advisories/SQUID-2009_2.txt http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch http://www.vupen.com/english/advisories/2009/2013 • CWE-20: Improper Input Validation •