Page 18 of 134 results (0.012 seconds)

CVSS: 5.0EPSS: 96%CPEs: 102EXPL: 0

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de (1) cabeceras Content-Length no válidas, (2) largas peticiones POST, o (3) credenciales de autenticación manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html http://openwall.com/lists/oss-security/2012/12/17/4 http://rhn.redhat.com/errata& • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0

Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br ** EN DISPUTA ** Squid v3.1.9 permite a atacantes remotos evitar la configuración de acceso para el método CONNECT, proporcionando un nombre de host arbitrario en la cabecera 'host HTTP'. NOTA: este problema no puede ser reproducible, porque el investigador es incapaz de proporcionar un archivo squid.conf de un sistema vulnerable, y el comportamiento observado es consistente con un archivo squid.conf que fue (tal vez sin darse cuenta), diseñado para permitir el acceso basado en una expresión regular de ACL "host req_header" que coincide con www.uol.com.br. • http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 93%CPEs: 87EXPL: 0

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. La función idnsGrokReply en Squid anterior a v3.1.16 no adecuada de memoria libre, permite a atacantes remotos provocar una denegación de servicio (daemon abortar) a través de una respuesta DNS que contiene un registro CNAME que hace referencia a otro registro CNAME y este contiene un registro vacío. • http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://secunia.com/advisories/46609 http://secunia.com/advisories/47459 http://www.mandriva.com/security/advisories?name=MDVSA-2011:193 http://www.openwall.com/lists/oss-security/2011/10/31/5 http://www.openwall.com/lists/oss-security/2011/11/01/3 http://www.redhat.com& • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 94%CPEs: 71EXPL: 0

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Desbordamiento de búfer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 permite a servidores remotos Gopher provocar una denegación de servicio (corrupción de memoria y reinicio del demonio) o posiblemente tener un impacto no especificado a través de una respuesta demasiado larga. NOTA: Este problema existe debido a una regresión de CVE-2005-0094. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://openwall.com/lists/oss-security/2011/08/29/2 http://openwall.com/lists/oss-security/2011/08/30/4 http: •

CVSS: 5.0EPSS: 34%CPEs: 1EXPL: 0

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. dns_internal.cc en Squid 3.1.6, cuando la resolución DNS IPv6 no está habilitada, accede a un socket inválido durante una petición DNS TCP IPv4, lo que permite a atacantes remotos provocar una denegación de servicio (por falta de confirmación y salida del demonio) mediante vectores que disparan una respuesta DNS IPv4 con el bit TC configurado. • http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 http://bugs.gentoo.org/show_bug.cgi?id=334263 http://bugs.squid-cache.org/show_bug.cgi?id=3009 http://bugs.squid-cache.org/show_bug.cgi?id=3021 http://marc.info/?l=squid-users&m=128263555724981&w=2 http://www.openwall.com/lists/oss-security/2010/08/24/6 http://www.openwall.com/lists/oss-security/2010/08/24/7 http://www.openwall.com/lists/oss-security/2010/08/25/2 http://www.o •