CVSS: 8.6 • EPSS: 85% • CPEs: 21 • EXPL: 0

03 Nov 2023 — Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Joshua Rogers discov... • https://access.redhat.com/errata/RHSA-2023:6266 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 8.6 • EPSS: 37% • CPEs: 5 • EXPL: 0

03 Nov 2023 — Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly ... • https://access.redhat.com/errata/RHSA-2023:6266 • CWE-681: Incorrect Conversion between Numeric Types

CVSS: 7.8 • EPSS: 8% • CPEs: 5 • EXPL: 0

03 Nov 2023 — Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or... • https://access.redhat.com/errata/RHSA-2023:7465 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 9.3 • EPSS: 27% • CPEs: 19 • EXPL: 0

03 Nov 2023 — Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Joshua Rogers discovered that Squid incorrectly handle... • https://access.redhat.com/errata/RHSA-2023:6266 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSS: 8.6 • EPSS: 2% • CPEs: 1 • EXPL: 0

01 Nov 2023 — Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed ... • http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch • CWE-125: Out-of-bounds Read; CWE-129: Improper Validation of Array Index; CWE-295: Improper Certificate Validation; CWE-786: Access of Memory Location Before Start of Buffer; CWE-823: Use of Out-of-range Pointer Offset; CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input

CVSS: 6.8 • EPSS: 1% • CPEs: 2 • EXPL: 0

27 Sep 2022 — An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7. • http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch • CWE-697: Incorrect Comparison

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Sep 2022 — A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7. • http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch • CWE-126: Buffer Over-read; CWE-190: Integer Overflow or Wraparound

CVSS: 7.5 • EPSS: 3% • CPEs: 6 • EXPL: 0

23 Jun 2022 — In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. A vulnerability was found in squid (Web proxy cache server). This issue occurs due ... • http://www.openwall.com/lists/oss-security/2023/10/13/1 • CWE-617: Reachable Assertion

CVSS: 7.5 • EPSS: 2% • CPEs: 2 • EXPL: 0

18 Oct 2021 — An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. • http://www.openwall.com/lists/oss-security/2021/12/23/2 • CWE-295: Improper Certificate Validation

CVSS: 6.5 • EPSS: 6% • CPEs: 5 • EXPL: 0

28 May 2021 — Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. • http://seclists.org/fulldisclosure/2023/Oct/14 • CWE-20: Improper Input Validation