CVE-2010-0308 – squid: temporary DoS (assertion failure) triggered by truncated DNS packet (SQUID-2010:1)
https://notcve.org/view.php?id=CVE-2010-0308
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera. • http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf http://osvdb.org/62044 http://secunia.com/advisories/38451 http://secunia.com/advisories/38455 http://www.securityfocus.com/bid/37522 http://www.securitytracker.com/id?1023520 http://www.squid-cache.org/Advisories/SQUID-2010_1.txt http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch http://www. • CWE-20: Improper Input Validation •
CVE-2007-6239 – squid: DoS in cache updates
https://notcve.org/view.php?id=CVE-2007-6239
The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. La funcionalidad de "cache update reply processing" en Squid versiones 2.x anteriores a 2.6.STABLE17 y Squid versión 3.0, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de vectores desconocidos relacionados con encabezados HTTP y una pérdida de memoria de Matriz durante las peticiones de objetos en caché. • http://bugs.gentoo.org/show_bug.cgi?id=201209 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://secunia.com/advisories/27910 http://secunia.com/advisories/28091 http://secunia.com/advisories/28109 http://secunia.com/advisories/28350 http://secunia.com/advisories/28381 http://secunia.com/advisories/28403 http://secunia.com/advisories/28412 http://secunia.com/advisories/28814 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/ • CWE-20: Improper Input Validation •
CVE-2005-3258
https://notcve.org/view.php?id=CVE-2005-3258
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses. • http://secunia.com/advisories/17271 http://secunia.com/advisories/17287 http://secunia.com/advisories/17338 http://secunia.com/advisories/17407 http://secunia.com/advisories/17513 http://secunia.com/advisories/17626 http://secunia.com/advisories/17645 http://securitytracker.com/id?1015085 http://www.novell.com/linux/security/advisories/2005_27_sr.html http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape http://www.vupen.com/english/ •
CVE-2005-2917
https://notcve.org/view.php?id=CVE-2005-2917
Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://fedoranews.org/updates/FEDORA--.shtml http://secunia.com/advisories/16992 http://secunia.com/advisories/17015 http://secunia.com/advisories/17050 http://secunia.com/advisories/17177 http://secunia.com/advisories/19161 http://secunia.com/advisories/19532 http://securitytracker.com/id?1014920 http://www.debian.org/security/ •
CVE-2005-2796
https://notcve.org/view.php?id=CVE-2005-2796
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. • http://fedoranews.org/updates/FEDORA--.shtml http://secunia.com/advisories/16977 http://secunia.com/advisories/17027 http://securitytracker.com/id?1014846 http://www.debian.org/security/2005/dsa-809 http://www.gentoo.org/security/en/glsa/glsa-200509-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:162 http://www.novell.com/linux/security/advisories/2005_21_sr.html http://www.novell.com/linux/security/advisories/2005_53_squid.html http://www.redhat •