CVE-2009-2621
https://notcve.org/view.php?id=CVE-2009-2621
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. Squid desde v3.0 hasta v3.0.STABLE16 desde v3.1 hasta v3.1.0.11 no cumple adecuadamente con "los limites de búfer y comprobaciones vinculadas," lo que permite a atacantes remotos producir una denegación de servicio a través de (1) una petición incompleta o (2) una petición con un tamaño largo de cabecera, relacionado con (a) HttpMsg.cc y (b) client_side.cc. • http://secunia.com/advisories/36007 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securityfocus.com/bid/35812 http://www.securitytracker.com/id?1022607 http://www.squid-cache.org/Advisories/SQUID-2009_2.txt http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch http://www.vupen.com/english/advisories/2009/2013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-2622
https://notcve.org/view.php?id=CVE-2009-2622
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. Squid desde v3.0 hasta v3.0.STABLE16 y desde v3.1 hasta v3.1.0.11 permite a atacantes remotos producir una denegación de servicio a través de peticiones mal formadas que incluyen (1) "identificador de protocolo perdido o mal utilizado," (2) "valor de estatus perdido o negativo," (3) "versión perdida," o (4) "número de estatus perdido o inválido", relacionado con HttpMsg.cc y (b) HttpReply.cc. • http://secunia.com/advisories/36007 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securityfocus.com/bid/35812 http://www.securitytracker.com/id?1022607 http://www.squid-cache.org/Advisories/SQUID-2009_2.txt http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch http://www.vupen.com/english/advisories/2009/2013 • CWE-20: Improper Input Validation •
CVE-2009-0478 – Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegación de servicio por medio de una petición HTTP con un número de versión no válido, lo que desencadena una aserción accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c. • https://www.exploit-db.com/exploits/8021 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/33731 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 http://www.securityfocus.com/archive/1/500653/100/0/threaded http://www.securityfocus.com/bid/33604 http://www.securitytracker.com/id?1021684 http://www.squid-cache.org/Advisorie • CWE-20: Improper Input Validation •
CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923 http://fedoranews.org/updates/FEDORA--.shtml http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://marc.info/?l=bugtraq&m=109913064629327&w=2 http://secunia.com/advisories/30914 http://secunia.com/advisories/30967 http://www.gentoo.org/security/en/glsa/glsa-200410-15.xml http://www.idefense.com/application& • CWE-399: Resource Management Errors •