Page 2 of 92 results (0.019 seconds)

CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. • http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3 https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC https:&#x • CWE-674: Uncontrolled Recursion •

CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470 https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •

CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27 https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC • CWE-253: Incorrect Check of Function Return Value CWE-617: Reachable Assertion CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. • https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC https://security.netapp.com/advisory/ntap-20240119-0006 https://access.redhat.com/security/cve/CVE-2023-49288 https://bugzilla.redhat.com/show_bug.cgi?id=2252918 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. • https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC https://security.netapp.com/advisory/ntap-20231214-0006 https://access.redhat.com/security/cve/CVE-2023-46728 https://bugzilla.r • CWE-476: NULL Pointer Dereference •