CVSS: 8.6EPSS: 1%CPEs: 12EXPL: 0CVE-2020-24606 – squid: Improper input validation could result in a DoS
https://notcve.org/view.php?id=CVE-2020-24606
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4, permite que un peer de confianza lleve a cabo una Denegación de Servicio mediante el consumo de todos los ciclos de la CPU disponibles durante el manejo de un mensaje de respuesta de Cache Digest diseñado. Esto solo ocurre cuando cache_peer es usado con la funcionalidad cache digest. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2 https://lists.fedoraproje • CWE-20: Improper Input Validation CWE-667: Improper Locking •
CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0CVE-2020-14058 – squid: DoS in TLS handshake
https://notcve.org/view.php?id=CVE-2020-14058
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string. Se detectó un problema en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Debido al uso de una función potencialmente peligrosa, Squid y el asistente de comprobación de certificados predeterminado son vulnerables a una Denegación de Servicio al abrir una conexión TLS en un servidor controlado por el atacante por HTTPS. • http://www.squid-cache.org/Advisories/SQUID-2020_6.txt http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7 https://security.netapp.com/advisory/ntap-20210312-0001 https://access.redhat.com/security/cve/CVE-2020-14058 https://bugzilla.redhat.com/show • CWE-676: Use of Potentially Dangerous Function •
CVSS: 9.9EPSS: 1%CPEs: 14EXPL: 0CVE-2020-15049 – squid: Request smuggling and poisoning attack against the HTTP cache
https://notcve.org/view.php?id=CVE-2020-15049
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. Se detectó un problema en el archivo http/ContentLengthInterpreter.cc en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Un ataque de Trafico No Autorizado de Peticiones y Envenenamiento puede tener éxito contra la memoria caché HTTP. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5 https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html https://lists.fedor • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 9.8EPSS: 13%CPEs: 13EXPL: 0CVE-2020-11945 – squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution
https://notcve.org/view.php?id=CVE-2020-11945
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). Se detectó un problema en Squid versiones anteriores a 5.0.2. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch http://www.openwall.com/lists/oss-security/2020/04/23/2 http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch https://bugzilla.suse.com/show_bug.cgi?id=1170313 https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811 https://github.com/squid-cache/squid/pull/585 • CWE-190: Integer Overflow or Wraparound CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 0CVE-2019-12519 – squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
https://notcve.org/view.php?id=CVE-2019-12519
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html http://www.openwall.com/lists/oss-security/2020/04/23/1 https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://security.gentoo.org/glsa/202005-05 https://security.netapp.com/advisory/ntap-20210205-0006 https://usn.ubuntu.com/4356-1 https://www.debian.org/security/2020/dsa-4682 https://a • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •