CVSS: 7.5EPSS: 62%CPEs: 143EXPL: 0CVE-2016-2571 – squid: wrong error handling for malformed HTTP responses
https://notcve.org/view.php?id=CVE-2016-2571
27 Feb 2016 — http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. http.cc en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 procede con el almacenamiento de ciertos datos después de un fallo de respuesta de análisis, lo que permite a servidores HTTP remotos provocar una denegación de ser... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-228: Improper Handling of Syntactically Invalid Structure •
CVSS: 9.1EPSS: 2%CPEs: 4EXPL: 4CVE-2015-5400 – Debian Security Advisory 3327-1
https://notcve.org/view.php?id=CVE-2015-5400
04 Aug 2015 — Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. Vulnerabilidad en Squid en versiones anteriores a 3.5.6, no maneja adecuadamente las respuestas de pares del método CONNECT cuando se configura con cache_peer, lo que permite a atacantes remotos eludir las restricciones previstas y obtener acceso a un proxy backend a través de una sol... • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0881
https://notcve.org/view.php?id=CVE-2015-0881
20 Feb 2015 — CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. Una vulnerabilidad de inyección CRLF en Squid anterior a versión 3.1.1, permite a los atacantes remotos inyectar encabezados HTTP arbitrarios y conducir ataques de división de respuesta HTTP por medio de un encabezado diseñado en una respuesta. • http://jvn.jp/en/jp/JVN64455813/index.html •
CVSS: 7.5EPSS: 11%CPEs: 181EXPL: 0CVE-2014-6270 – Gentoo Linux Security Advisory 201607-01
https://notcve.org/view.php?id=CVE-2014-6270
12 Sep 2014 — Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. Error de superación de límite (off-by-one) en la función snmpHandleUdp en snmp_core.cc en Squid 2.x y 3.x, cuando un puerto SNMP está configurado, permite a atacantes remotos causar una denegación de servicio (caída) o po... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 94%CPEs: 88EXPL: 0CVE-2014-3609 – squid: assertion failure in Range header processing (SQUID-2014:2)
https://notcve.org/view.php?id=CVE-2014-3609
28 Aug 2014 — HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." HttpHdrRange.cc en Squid 3.x anterior a 3.3.12 y 3.4.x anterior a 3.4.6 permite a atacantes remotos causar una denegación de servicio (caída) a través de una solicitud con ' cabeceras de rango con valores de rango de bytes no identificables' manipuladas. A flaw was found in the way Squid handled malfor... • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 18%CPEs: 87EXPL: 0CVE-2014-0128 – squid: denial of service when using SSL-Bump
https://notcve.org/view.php?id=CVE-2014-0128
14 Apr 2014 — Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. Squid 3.1 anterior a 3.3.12 y 3.4 anterior a 3.4.4, cuando SSL-Bump está habilitado, permite a atacantes remotos causar una denegación de servicio (fallo de aserción) a través de una solicitud de rango manipulada, relacionado con gestión de estado. Due to incorrect state management, Squid before 3.3.12 is vu... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 63EXPL: 0CVE-2013-0189 – Gentoo Linux Security Advisory 201309-22
https://notcve.org/view.php?id=CVE-2013-0189
08 Feb 2013 — cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison. cachemgr.cgi en Squid v3.1.x, v3.2.x y posiblemente, v3.1.22, v3.2.4 y otras versiones, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) a través de una s... • http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 93%CPEs: 102EXPL: 0CVE-2012-5643 – squid: cachemgr.cgi memory usage DoS and memory leaks
https://notcve.org/view.php?id=CVE-2012-5643
20 Dec 2012 — Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una d... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 93%CPEs: 87EXPL: 0CVE-2011-4096 – squid: Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record
https://notcve.org/view.php?id=CVE-2011-4096
17 Nov 2011 — The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. La función idnsGrokReply en Squid anterior a v3.1.16 no adecuada de memoria libre, permite a atacantes remotos provocar una denegación de servicio (daemon abortar) a través de una respuesta DNS que contiene un registro CNAME que hace referencia ... • http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 95%CPEs: 71EXPL: 0CVE-2011-3205 – squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)
https://notcve.org/view.php?id=CVE-2011-3205
06 Sep 2011 — Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. Desbordamiento de búfer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 per... • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html •