CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-45802 – Squid Denial of Service
https://notcve.org/view.php?id=CVE-2024-45802
28 Oct 2024 — Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. A flaw was found in Squid. Due to input validation and resource management issues, a denial of se... • https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 4%CPEs: 4EXPL: 0CVE-2024-37894 – Squid vulnerable to heap corruption in ESI assign
https://notcve.org/view.php?id=CVE-2024-37894
25 Jun 2024 — Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. Squid es un proxy de almacenamiento en caché para la Web que admite HTTP, HTTPS, FTP y más. Debido a un error de escritura fuera de los límites al asignar variables ESI, Squid es susceptible a un error de corrupción de memoria. • https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch • CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 21%CPEs: 1EXPL: 0CVE-2024-25111 – SQUID-2024:1 Denial of Service in HTTP Chunked Decoding
https://notcve.org/view.php?id=CVE-2024-25111
06 Mar 2024 — Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. • http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch • CWE-674: Uncontrolled Recursion •
CVSS: 8.6EPSS: 11%CPEs: 1EXPL: 0CVE-2024-25617 – Denial of Service in HTTP Header parser in squid proxy
https://notcve.org/view.php?id=CVE-2024-25617
14 Feb 2024 — Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squ... • https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817 • CWE-182: Collapse of Data into Unsafe Value CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 80%CPEs: 2EXPL: 1CVE-2024-23638 – SQUID-2023:11 Denial of Service in Cache Manager
https://notcve.org/view.php?id=CVE-2024-23638
23 Jan 2024 — Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. • http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch • CWE-672: Operation on a Resource after Expiration or Release CWE-825: Expired Pointer Dereference •
CVSS: 8.6EPSS: 34%CPEs: 13EXPL: 0CVE-2023-50269 – SQUID-2023:10 Denial of Service in HTTP Request parsing
https://notcve.org/view.php?id=CVE-2023-50269
14 Dec 2023 — Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for ... • http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch • CWE-674: Uncontrolled Recursion •
CVSS: 8.6EPSS: 67%CPEs: 1EXPL: 0CVE-2023-49285 – Denial of Service in HTTP Message Processing in Squid
https://notcve.org/view.php?id=CVE-2023-49285
04 Dec 2023 — Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 8.6EPSS: 28%CPEs: 1EXPL: 0CVE-2023-49286 – Denial of Service in Helper Process management
https://notcve.org/view.php?id=CVE-2023-49286
04 Dec 2023 — Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. • http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch • CWE-253: Incorrect Check of Function Return Value CWE-617: Reachable Assertion CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.6EPSS: 5%CPEs: 1EXPL: 0CVE-2023-49288 – Denial of Service in HTTP Collapsed Forwarding in Squid
https://notcve.org/view.php?id=CVE-2023-49288
04 Dec 2023 — Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. • https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 8%CPEs: 1EXPL: 0CVE-2023-46728 – SQUID-2021:8 Denial of Service in Gopher gateway
https://notcve.org/view.php?id=CVE-2023-46728
06 Nov 2023 — Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. • https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 • CWE-476: NULL Pointer Dereference •