CVE-2011-3205 – squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
https://notcve.org/view.php?id=CVE-2011-3205
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Desbordamiento de búfer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 permite a servidores remotos Gopher provocar una denegación de servicio (corrupción de memoria y reinicio del demonio) o posiblemente tener un impacto no especificado a través de una respuesta demasiado larga. NOTA: Este problema existe debido a una regresión de CVE-2005-0094. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html http://openwall.com/lists/oss-security/2011/08/29/2 http://openwall.com/lists/oss-security/2011/08/30/4 http: •
CVE-2010-2951
https://notcve.org/view.php?id=CVE-2010-2951
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. dns_internal.cc en Squid 3.1.6, cuando la resolución DNS IPv6 no está habilitada, accede a un socket inválido durante una petición DNS TCP IPv4, lo que permite a atacantes remotos provocar una denegación de servicio (por falta de confirmación y salida del demonio) mediante vectores que disparan una respuesta DNS IPv4 con el bit TC configurado. • http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 http://bugs.gentoo.org/show_bug.cgi?id=334263 http://bugs.squid-cache.org/show_bug.cgi?id=3009 http://bugs.squid-cache.org/show_bug.cgi?id=3021 http://marc.info/?l=squid-users&m=128263555724981&w=2 http://www.openwall.com/lists/oss-security/2010/08/24/6 http://www.openwall.com/lists/oss-security/2010/08/24/7 http://www.openwall.com/lists/oss-security/2010/08/25/2 http://www.o •
CVE-2010-3072 – Squid: Denial of service due internal error in string handling (SQUID-2010:3)
https://notcve.org/view.php?id=CVE-2010-3072
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. Las funciones de comparación de cadenas en String.cci en Squid v3.x anteriores a v3.1.8 y v3.2.x anteriores a v3.2.0.2 permite a atacantes remotos provocar una denegación de servicio (desreferenciación a puntero nulo y caída del demonio) a través de una petición manipulada. • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://secunia.com/advisories/41298 http://secunia.com/advisories/41477 http://secunia.com/advisories/41534 http://www.debian.org/security/2010/dsa-2111 http://www.openwall.com/lists/oss-security/2010/09/05/2 http://www.openwall.com/lists/oss-se •
CVE-2010-0639
https://notcve.org/view.php?id=CVE-2010-0639
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. La función htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versión 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versión 3.0 anterior a 3.0.STABLE24, permite que los atacantes remotos causen una denegación de servicio (desreferencia de puntero NULL y bloqueo del demonio) por medio de paquetes creados hacia el puerto HTCP. • http://bugs.squid-cache.org/show_bug.cgi?id=2858 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html http://osvdb.org/62297 http://secunia.com/advisories/38812 http://www.securityfocus.com/bid/38212 http://www.securitytracker.com/id?1023587 http://www.squid-cache.org/Advisories/SQUID-2010_2.txt http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch http: •
CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://osvdb.org/62044 http://secunia.com/advisories/38451 http://secunia.com/advisories/38455 http://www.securityfocus.com/bid/37522 http://www.securitytracker.com/id?1023520 http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www. • CWE-20: Improper Input Validation •