Filtered by vendor Squid-cache
Subscribe
Total
100 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6270 | 2 Oracle, Squid-cache | 2 Solaris, Squid | 2024-11-21 | 6.8 MEDIUM | N/A |
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. | |||||
CVE-2014-3609 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." | |||||
CVE-2014-0128 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. | |||||
CVE-2013-4123 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | |||||
CVE-2013-4115 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-11-21 | 7.5 HIGH | N/A |
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request. | |||||
CVE-2013-1839 | 1 Squid-cache | 1 Squid | 2024-11-21 | 7.8 HIGH | N/A |
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header. | |||||
CVE-2013-0189 | 2 Canonical, Squid-cache | 2 Ubuntu Linux, Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison. | |||||
CVE-2012-5643 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials. | |||||
CVE-2012-2213 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br. | |||||
CVE-2011-4096 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. | |||||
CVE-2011-3205 | 1 Squid-cache | 1 Squid | 2024-11-21 | 6.8 MEDIUM | N/A |
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression. | |||||
CVE-2010-3072 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | |||||
CVE-2010-2951 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. | |||||
CVE-2010-0639 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. | |||||
CVE-2010-0308 | 1 Squid-cache | 1 Squid | 2024-11-21 | 4.0 MEDIUM | N/A |
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. | |||||
CVE-2009-2855 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function. | |||||
CVE-2009-2622 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. | |||||
CVE-2009-2621 | 1 Squid-cache | 1 Squid | 2024-11-21 | 5.0 MEDIUM | N/A |
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. | |||||
CVE-2005-0211 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2024-11-20 | 7.5 HIGH | N/A |
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. | |||||
CVE-2024-45802 | 1 Squid-cache | 1 Squid | 2024-11-05 | N/A | 7.5 HIGH |
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. |