Page 2 of 64 results (0.015 seconds)

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7. Se descubrió una lectura excesiva del búfer en libntlmauth en Squid 2.5 a 5.6. • http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78 https://www.openwall.com/lists/oss-security/2022/09/23/2 https://access.redhat.com/security/cve/CVE-2022-41318 https://bugzilla.redhat.com/show_bug.cgi?id=2129771 • CWE-126: Buffer Over-read CWE-190: Integer Overflow or Wraparound •

CVSS: 6.5EPSS: 14%CPEs: 5EXPL: 0

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6, permite a servidores remotos causar una denegación de servicio (afectando la disponibilidad para todos los clientes) por medio de una respuesta HTTP. El desencadenante del problema es un encabezado que puede esperarse que se presente en el tráfico HTTP sin ninguna intención maliciosa por parte del servidor An input validation flaw was found in Squid. This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-a • CWE-20: Improper Input Validation •

CVSS: 6.5EPSS: 91%CPEs: 7EXPL: 0

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de administración de la memoria, es vulnerable a un ataque de Denegación de Servicio (contra todos los clientes que usan el proxy) por medio del procesamiento de peticiones HTTP Range An incorrect input validation flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF https://lists.fedoraproject.org/archive • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 https://bugs.squid-cache.org/show_bug.cgi?id=5106 https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 1

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de comprobación de entrada, es vulnerable a ataques de Denegación de Servicio (contra todos los clientes que usan el proxy). • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF https://lists.fedoraproject.org/archive • CWE-190: Integer Overflow or Wraparound •