Filtered by vendor Squid-cache
Subscribe
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62168 | 1 Squid-cache | 1 Squid | 2025-11-05 | N/A | 10.0 CRITICAL |
| Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off. | |||||
| CVE-2025-54574 | 1 Squid-cache | 1 Squid | 2025-11-05 | N/A | 9.3 CRITICAL |
| Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions. | |||||
| CVE-2019-18860 | 1 Squid-cache | 1 Squid | 2025-11-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. | |||||
| CVE-2024-45802 | 1 Squid-cache | 1 Squid | 2025-11-03 | N/A | 7.5 HIGH |
| Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. | |||||
| CVE-2024-37894 | 1 Squid-cache | 1 Squid | 2025-11-03 | N/A | 6.3 MEDIUM |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. | |||||
| CVE-2024-25111 | 3 Fedoraproject, Netapp, Squid-cache | 3 Fedora, Bluexp, Squid | 2025-11-03 | N/A | 8.6 HIGH |
| Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue. | |||||
| CVE-2023-5824 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-11-03 | N/A | 7.5 HIGH |
| A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service. | |||||
| CVE-2023-46728 | 1 Squid-cache | 1 Squid | 2025-11-03 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. | |||||
| CVE-2025-59362 | 1 Squid-cache | 1 Squid | 2025-10-07 | N/A | 4.0 MEDIUM |
| Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. | |||||
| CVE-2024-25617 | 2 Netapp, Squid-cache | 2 Bluexp, Squid | 2025-06-25 | N/A | 5.3 MEDIUM |
| Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 | |||||
| CVE-2016-10003 | 1 Squid-cache | 1 Squid | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients. | |||||
| CVE-2016-10002 | 2 Debian, Squid-cache | 2 Debian Linux, Squid | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information. | |||||
| CVE-2022-41318 | 1 Squid-cache | 1 Squid | 2025-04-14 | N/A | 8.6 HIGH |
| A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7. | |||||
| CVE-2022-41317 | 1 Squid-cache | 1 Squid | 2025-04-14 | N/A | 6.5 MEDIUM |
| An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7. | |||||
| CVE-2014-3609 | 1 Squid-cache | 1 Squid | 2025-04-12 | 5.0 MEDIUM | N/A |
| HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." | |||||
| CVE-2016-4054 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. | |||||
| CVE-2015-0881 | 1 Squid-cache | 1 Squid | 2025-04-12 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response. | |||||
| CVE-2016-4051 | 3 Canonical, Oracle, Squid-cache | 3 Ubuntu Linux, Linux, Squid | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. | |||||
| CVE-2016-3947 | 2 Canonical, Squid-cache | 2 Ubuntu Linux, Squid | 2025-04-12 | 7.5 HIGH | 8.2 HIGH |
| Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. | |||||
| CVE-2016-2569 | 1 Squid-cache | 1 Squid | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. | |||||