Page 2 of 14 results (0.005 seconds)

CVSS: 8.6EPSS: 0%CPEs: 13EXPL: 0

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. • http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3 https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC https:&#x • CWE-674: Uncontrolled Recursion •

CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470 https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •

CVSS: 8.6EPSS: 1%CPEs: 1EXPL: 0

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27 https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC • CWE-253: Incorrect Check of Function Return Value CWE-617: Reachable Assertion CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. • https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC https://security.netapp.com/advisory/ntap-20231214-0006 https://access.redhat.com/security/cve/CVE-2023-46728 https://bugzilla.r • CWE-476: NULL Pointer Dereference •

CVSS: 8.6EPSS: 3%CPEs: 21EXPL: 0

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Squid es vulnerable a una Denegación de Servicio, donde un atacante remoto puede realizar un ataque de desbordamiento de búfer escribiendo hasta 2 MB de datos arbitrarios en la memoria acumulada cuando Squid está configurado para aceptar la autenticación implícita HTTP. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6805 https://access.redhat.com/errata/RHSA-2023:6810 https://access.redhat.com/errata/RHSA • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •