CVSS: 9.6EPSS: 0%CPEs: 12EXPL: 0CVE-2020-15810 – squid: HTTP Request Smuggling could result in cache poisoning
https://notcve.org/view.php?id=CVE-2020-15810
27 Aug 2020 — An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 8.6EPSS: 2%CPEs: 12EXPL: 0CVE-2020-24606 – squid: Improper input validation could result in a DoS
https://notcve.org/view.php?id=CVE-2020-24606
24 Aug 2020 — Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4, permite que un peer de confianza lleve a cabo una Denegación de Servicio mediante el... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html • CWE-20: Improper Input Validation CWE-667: Improper Locking •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14058 – squid: DoS in TLS handshake
https://notcve.org/view.php?id=CVE-2020-14058
30 Jun 2020 — An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string. Se detectó un problema en Squid versiones anteriores a 4.12 y versiones 5.x anteriores ... • http://www.squid-cache.org/Advisories/SQUID-2020_6.txt • CWE-676: Use of Potentially Dangerous Function •
CVSS: 9.9EPSS: 1%CPEs: 14EXPL: 0CVE-2020-15049 – squid: Request smuggling and poisoning attack against the HTTP cache
https://notcve.org/view.php?id=CVE-2020-15049
30 Jun 2020 — An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. Se detectó un problema en el archivo http/ContentLengthInterpreter.cc en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Un ataque de Trafico No Autoriza... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 6%CPEs: 13EXPL: 0CVE-2020-11945 – squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution
https://notcve.org/view.php?id=CVE-2020-11945
23 Apr 2020 — An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). Se detectó un problema en Squid versiones anteriores a 5.0.2. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html • CWE-190: Integer Overflow or Wraparound CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 7%CPEs: 10EXPL: 0CVE-2019-12519 – squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-12519
15 Apr 2020 — An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-12520 – squid: Improper input validation in request allows for proxy manipulation
https://notcve.org/view.php?id=CVE-2019-12520
15 Apr 2020 — An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. • http://www.squid-cache.org/Versions/v4 • CWE-20: Improper Input Validation •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12522
https://notcve.org/view.php?id=CVE-2019-12522
15 Apr 2020 — An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root. Se detectó un problema en Squid versiones hasta 4.7. • https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt • CWE-269: Improper Privilege Management •
CVSS: 5.9EPSS: 7%CPEs: 10EXPL: 0CVE-2019-12521 – squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash
https://notcve.org/view.php?id=CVE-2019-12521
15 Apr 2020 — An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-12524 – squid: Improper access restriction in url_regex may lead to security bypass
https://notcve.org/view.php?id=CVE-2019-12524
15 Apr 2020 — An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. • https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt • CWE-20: Improper Input Validation CWE-306: Missing Authentication for Critical Function •