Page 4 of 74 results (0.005 seconds)

CVSS: 6.5EPSS: 3%CPEs: 28EXPL: 0

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. Se ha detectado un problema en Squid versiones anteriores a 4.15 y en versiones 5.x anteriores a 5.0.6. Un problema de desbordamiento de enteros permite a un servidor remoto conseguir una Denegación de Servicio cuando se entrega respuestas a peticiones de rango HTTP. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF https://lists.fedoraproject.org/archive • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 https://bugs.squid-cache.org/show_bug.cgi?id=5104 https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4 https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraprojec • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 6.5EPSS: 91%CPEs: 7EXPL: 0

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de administración de la memoria, es vulnerable a un ataque de Denegación de Servicio (contra todos los clientes que usan el proxy) por medio del procesamiento de peticiones HTTP Range An incorrect input validation flaw was found in Squid, where it is vulnerable to a denial of service attack against all clients using the proxy. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2023/Oct/14 http://www.openwall.com/lists/oss-security/2023/10/11/3 http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF https://lists.fedoraproject.org/archive • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •

CVSS: 8.6EPSS: 0%CPEs: 7EXPL: 0

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. Se detectó un problema en Squid versiones hasta 4.13 y versiones 5.x hasta 5.0.4. Debido a una comprobación inapropiada de la entrada, permite a un cliente confiable llevar a cabo un Trafico No Autorizado de Peticiones HTTP y acceder a servicios que de otro modo estarían prohibidos por los controles de seguridad. • http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC https://lists.fedoraproject.org/archives/list/package-announc • CWE-20: Improper Input Validation CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 5.3EPSS: 5%CPEs: 6EXPL: 0

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. Squid versiones hasta 4.14 y 5.xa 5.0.5, en algunas configuraciones, permite la divulgación de información debido a una lectura fuera de límites en los datos del protocolo WCCP. Esto puede ser aprovechado como parte de una cadena para la ejecución remota de código como nobody A flaw was found in squid. An out-of-bounds read in the WCCP protocol can be leveraged as part of a chain for remote code execution leading to an information disclosure. • http://www.openwall.com/lists/oss-security/2021/10/04/1 http://www.squid-cache.org/Versions https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66 https://security.gentoo.org/glsa/202105-14 https://www.debian.org/security/2022/dsa-5171 https • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •