CVSS: 7.5EPSS: 93%CPEs: 102EXPL: 0CVE-2012-5643 – squid: cachemgr.cgi memory usage DoS and memory leaks
https://notcve.org/view.php?id=CVE-2012-5643
20 Dec 2012 — Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una d... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 93%CPEs: 87EXPL: 0CVE-2011-4096 – squid: Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
https://notcve.org/view.php?id=CVE-2011-4096
17 Nov 2011 — The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. La función idnsGrokReply en Squid anterior a v3.1.16 no adecuada de memoria libre, permite a atacantes remotos provocar una denegación de servicio (daemon abortar) a través de una respuesta DNS que contiene un registro CNAME que hace referencia ... • http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 91%CPEs: 33EXPL: 0CVE-2010-0639
https://notcve.org/view.php?id=CVE-2010-0639
15 Feb 2010 — The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. La función htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versión 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versión 3.0 anterior a 3.0.STABLE24, permite que los atacantes remo... • http://bugs.squid-cache.org/show_bug.cgi?id=2858 •
CVSS: 7.5EPSS: 4%CPEs: 46EXPL: 0CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
03 Feb 2010 — lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 7%CPEs: 45EXPL: 0CVE-2005-3258
https://notcve.org/view.php?id=CVE-2005-3258
20 Oct 2005 — The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses. • http://secunia.com/advisories/17271 •
CVSS: 7.5EPSS: 95%CPEs: 2EXPL: 0CVE-2005-2917
https://notcve.org/view.php?id=CVE-2005-2917
30 Sep 2005 — Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt •
CVSS: 7.5EPSS: 10%CPEs: 42EXPL: 0CVE-2005-2794
https://notcve.org/view.php?id=CVE-2005-2794
07 Sep 2005 — store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. • http://fedoranews.org/updates/FEDORA--.shtml •
CVSS: 7.5EPSS: 27%CPEs: 61EXPL: 0CVE-2005-2796
https://notcve.org/view.php?id=CVE-2005-2796
07 Sep 2005 — The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. • http://fedoranews.org/updates/FEDORA--.shtml •
CVSS: 7.5EPSS: 25%CPEs: 1EXPL: 0CVE-2005-1519
https://notcve.org/view.php?id=CVE-2005-1519
11 May 2005 — Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups. • http://fedoranews.org/updates/FEDORA--.shtml •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2005-1345
https://notcve.org/view.php?id=CVE-2005-1345
28 Apr 2005 — Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000948 •