CVSS: 5.9EPSS: 37%CPEs: 3EXPL: 0CVE-2016-2390
https://notcve.org/view.php?id=CVE-2016-2390
19 Apr 2016 — The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. El método FwdState::connectedToPeer en FwdState.cc en Squid en versiones anteriores a 3.5.14 y 4.0.x en versiones anteriores a 4.0.6 no maneja correctamente los errores de apretones de manos SSL cuando se construye c... • http://bugs.squid-cache.org/show_bug.cgi?id=4437 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 76%CPEs: 12EXPL: 0CVE-2016-3947 – Gentoo Linux Security Advisory 201607-01
https://notcve.org/view.php?id=CVE-2016-3947
07 Apr 2016 — Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. Desbordamiento de buffer basado en memoria dinámica en la función Icmp6::Recv en icmp/Icmp6.cc en la utilidad pinger en Squid en versiones anteriores a 3.5.16 y 4.x en versiones anteriores a 4.0.8 permite a s... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 58%CPEs: 158EXPL: 0CVE-2016-3948 – squid: denial of service issue in HTTP response processing
https://notcve.org/view.php?id=CVE-2016-3948
07 Apr 2016 — Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. Squid 3.x en versiones anteriores a 3.5.16 y 4.x en versiones anteriores a 4.0.8 no realiza adecuadamente la comprobación de límites, lo que permite a atacantes remotos provocar una denegación de servicio a través de una respuesta HTTP manipulada, relacionada con cabeceras Vary. An incorrect boundary check was found ... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 74%CPEs: 143EXPL: 1CVE-2016-2569 – squid: some code paths fail to check bounds in string object
https://notcve.org/view.php?id=CVE-2016-2569
27 Feb 2016 — Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no añade datos a objetos String adecuadamente, lo que permite a servidores remotos provocar una denegación de servicio (error de aserción y salida de demonio) a través de una cad... • https://github.com/amit-raut/CVE-2016-2569 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 10%CPEs: 143EXPL: 0CVE-2016-2570 – squid: some code paths fail to check bounds in string object
https://notcve.org/view.php?id=CVE-2016-2570
27 Feb 2016 — The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. El analizador de Edge Side Includes (ESI) en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no comprueba los limites del buffer durante el análisis gramatical XML, ... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 24%CPEs: 143EXPL: 0CVE-2016-2571 – squid: wrong error handling for malformed HTTP responses
https://notcve.org/view.php?id=CVE-2016-2571
27 Feb 2016 — http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. http.cc en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 procede con el almacenamiento de ciertos datos después de un fallo de respuesta de análisis, lo que permite a servidores HTTP remotos provocar una denegación de ser... • http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html • CWE-20: Improper Input Validation CWE-228: Improper Handling of Syntactically Invalid Structure •