CVE-2009-2855 – squid: DoS (100% CPU use) while processing certain external ACL helper HTTP headers
https://notcve.org/view.php?id=CVE-2009-2855
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. La función strListGetItem en src/HttpHeaderTools.c en Squid v2.7 a permite a los atacantes remotos causar una denegación de servicio a través de una cabecera auth manipulada con ciertos delimitadores coma que lanzan un bucle infinito de llamadas a la función strcspn. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982 http://www.openwall.com/lists/oss-security/2009/07/20/10 http://www.openwall.com/lists/oss-security/2009/08/03/3 http://www.openwall.com/lists/oss-security/2009/08/04/6 http://www.securityfocus.com/bid/36091 http://www.securitytracker.com/id?1022757 http://www.squid-cache.org/bugs/show_bug.cgi?id=2541 http:/ • CWE-20: Improper Input Validation •
CVE-2009-2621
https://notcve.org/view.php?id=CVE-2009-2621
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. Squid desde v3.0 hasta v3.0.STABLE16 desde v3.1 hasta v3.1.0.11 no cumple adecuadamente con "los limites de búfer y comprobaciones vinculadas," lo que permite a atacantes remotos producir una denegación de servicio a través de (1) una petición incompleta o (2) una petición con un tamaño largo de cabecera, relacionado con (a) HttpMsg.cc y (b) client_side.cc. • http://secunia.com/advisories/36007 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securityfocus.com/bid/35812 http://www.securitytracker.com/id?1022607 http://www.squid-cache.org/Advisories/SQUID-2009_2.txt http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch http://www.vupen.com/english/advisories/2009/2013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-2622
https://notcve.org/view.php?id=CVE-2009-2622
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. Squid desde v3.0 hasta v3.0.STABLE16 y desde v3.1 hasta v3.1.0.11 permite a atacantes remotos producir una denegación de servicio a través de peticiones mal formadas que incluyen (1) "identificador de protocolo perdido o mal utilizado," (2) "valor de estatus perdido o negativo," (3) "versión perdida," o (4) "número de estatus perdido o inválido", relacionado con HttpMsg.cc y (b) HttpReply.cc. • http://secunia.com/advisories/36007 http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 http://www.securityfocus.com/bid/35812 http://www.securitytracker.com/id?1022607 http://www.squid-cache.org/Advisories/SQUID-2009_2.txt http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch http://www.vupen.com/english/advisories/2009/2013 • CWE-20: Improper Input Validation •
CVE-2009-0478 – Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service
https://notcve.org/view.php?id=CVE-2009-0478
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c. Squid versiones 2.7 hasta 2.7.STABLE5, versiones 3.0 hasta 3.0.STABLE12 y versiones 3.1 hasta 3.1.0.4, permiten a los atacantes remotos causar una denegación de servicio por medio de una petición HTTP con un número de versión no válido, lo que desencadena una aserción accesible en los archivos (1) HttpMsg.c y (2) HttpStatusLine.c. • https://www.exploit-db.com/exploits/8021 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/33731 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:034 http://www.securityfocus.com/archive/1/500653/100/0/threaded http://www.securityfocus.com/bid/33604 http://www.securitytracker.com/id?1021684 http://www.squid-cache.org/Advisorie • CWE-20: Improper Input Validation •
CVE-2008-1612 – squid: regression in SQUID-2007:2 / CVE-2007-6239
https://notcve.org/view.php?id=CVE-2008-1612
The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239. La función arrayShrink (lib/Array.c) en Squid 2.6.STABLE17 permite a atacantes provocar una denegación de servicio (terminación del proceso) a través de vectores desconocidos que provocan que un array se inicialice a 0 entradas, lo cual dispara un error de confirmación. NOTA: este problema se debe a un parche incompleto para CVE-2007-6239. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://marc.info/?l=squid-announce&m=120614453813157&w=2 http://secunia.com/advisories/27477 http://secunia.com/advisories/29813 http://secunia.com/advisories/30032 http://secunia.com/advisories/32109 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/glsa-200903-38.xml http://www.debian.org/security/2008/dsa-1646 http://www.mandriva.com/security/advisories?name=MDVSA-2008:134 http: • CWE-20: Improper Input Validation •