Page 6 of 57 results (0.011 seconds)

CVSS: 7.5EPSS: 91%CPEs: 9EXPL: 0

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. Se detectó un problema en Squid versiones anteriores a 4.10. Debido a una administración del búfer incorrecta, un cliente remoto puede causar un desbordamiento del búfer en una instancia de Squid que actúa como un proxy inverso. A flaw was found in squid. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html http://www.squid-cache.org/Advisories/SQUID-2020_1.txt http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch http://www.squid-cache.org/Versions&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-131: Incorrect Calculation of Buffer Size CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. Se detectó un problema en Squid versiones anteriores a 4.10. Debido a una comprobación de entrada incorrecta, puede interpretar las peticiones HTTP diseñadas de manera no prevista para acceder a recursos del servidor prohibidos por parte de los filtros de seguridad anteriores. A flaw was found in squid. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html http://www.squid-cache.org/Advisories/SQUID-2020_1.txt http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch http://www.squid-cache.org/Versions&# • CWE-20: Improper Input Validation CWE-668: Exposure of Resource to Wrong Sphere •

CVSS: 7.4EPSS: 0%CPEs: 17EXPL: 0

An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8 cuando la configuración append_domain es usada (porque los caracteres añadidos no interactúan apropiadamente con las restricciones de longitud del nombre de host). Debido a un procesamiento incorrecto del mensaje, puede redireccionar inapropiadamente el tráfico a los orígenes a los que no debe ser enviado. • http://www.squid-cache.org/Advisories/SQUID-2019_9.txt http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch https://bugzilla.suse.com/show_bug.cgi?id=1156328 https://github.com/squid-cache/squid/pull/427 https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 19%CPEs: 18EXPL: 0

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. • http://www.squid-cache.org/Advisories/SQUID-2019_11.txt http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch https://bugzilla.suse.com/show_bug.cgi?id=1156324 https://github.com/squid-cache/squid/pull/491 https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW5367 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.9EPSS: 1%CPEs: 22EXPL: 0

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html http://www.squid-cache.org/Versions/v4/changesets http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch https://github.com/squid-cache/squid/commits/v4 https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html https://lists • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •