Page 3 of 73 results (0.005 seconds)

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. • http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810 https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC https: • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index CWE-295: Improper Certificate Validation CWE-786: Access of Memory Location Before Start of Buffer CWE-823: Use of Out-of-range Pointer Offset CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input •

CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7. Se descubrió una lectura excesiva del búfer en libntlmauth en Squid 2.5 a 5.6. • http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78 https://www.openwall.com/lists/oss-security/2022/09/23/2 https://access.redhat.com/security/cve/CVE-2022-41318 https://bugzilla.redhat.com/show_bug.cgi?id=2129771 • CWE-126: Buffer Over-read CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 0

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. En Squid versiones 3.x hasta 3.5.28, versiones 4.x hasta 4.17 y versiones 5.x anteriores a 5.6, debido a una administración inapropiada del búfer, puede producirse una denegación de servicio cuando son procesadas respuestas largas del servidor Gopher A vulnerability was found in squid (Web proxy cache server). This issue occurs due to improper buffer management while processing Gopher server responses. This flaw leads to a remote denial of service or a crash if it receives specially crafted network traffic, either by mistake or a malicious actor. • http://www.openwall.com/lists/oss-security/2023/10/13/1 http://www.openwall.com/lists/oss-security/2023/10/13/10 http://www.openwall.com/lists/oss-security/2023/10/21/1 http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9 https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w https:/&# • CWE-617: Reachable Assertion •

CVSS: 6.5EPSS: 14%CPEs: 5EXPL: 0

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6, permite a servidores remotos causar una denegación de servicio (afectando la disponibilidad para todos los clientes) por medio de una respuesta HTTP. El desencadenante del problema es un encabezado que puede esperarse que se presente en el tráfico HTTP sin ninguna intención maliciosa por parte del servidor An input validation flaw was found in Squid. This issue could allow a remote server to perform a denial of service against all clients using the proxy when delivering HTTP response messages. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-a • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 1

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 https://bugs.squid-cache.org/show_bug.cgi?id=5106 https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447 https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec • CWE-401: Missing Release of Memory after Effective Lifetime •