
174 matches found

RedHat Linux
added 2024/01/08 8:23 a.m. | 1 view

squid-cache: Squid Buffer Overflow

A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing Uniform Resource Names (URNs), specific conditions can lead to remote code execution...

9.8 CVSS | 6.3 AI score | 0.0932 EPSS
Exploits: 1 | References: 7

CVE
added 2023/12/14 5:9 p.m. | 200 views

CVE-2023-50269

CVE-2023-50269 affects Squid, a web proxy/cache. The vulnerability is an Uncontrolled Recursion leading to a Denial of Service when a remote client sends a large X-Forwarded-For header with follow_x_forwarded_for enabled. Impact is DoS on HTTP request parsing; no confidentiality/integrity impact ...

8.6 CVSS | 7.8 AI score | 0.01147 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Tenable Nessus
added 2023/12/13 12:0 a.m. | 33 views

SUSE SLES15 / openSUSE 15 Security Update : squid (SUSE-SU-2023:4698-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4698-1 advisory. - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is...

8.6 CVSS | 7.7 AI score | 0.09621 EPSS
Exploits: 0 | References: 7

Tenable Nessus
added 2023/12/13 12:0 a.m. | 45 views

SUSE SLES12 Security Update : squid (SUSE-SU-2023:4724-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4724-1 advisory. - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a...

8.6 CVSS | 7.8 AI score | 0.09621 EPSS
Exploits: 0 | References: 8

RedHat Linux
added 2023/12/06 10:2 a.m. | 1 view

squid-cache: Squid Buffer Overflow

A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing Uniform Resource Names (URNs), specific conditions can lead to remote code execution...

9.8 CVSS | 6.3 AI score | 0.0932 EPSS
Exploits: 1 | References: 7

NVD
added 2023/12/04 11:15 p.m. | 19 views

CVE-2023-49285

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds fo...

8.6 CVSS | 0.09621 EPSS
Exploits: 0 | References: 9

NVD
added 2023/12/04 11:15 p.m. | 22 views

CVE-2023-49286

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There a...

8.6 CVSS | 0.01726 EPSS
Exploits: 0 | References: 7

Prion
added 2023/12/04 11:15 p.m. | 36 views

Design/Logic Flaw

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...

5 CVSS | 6.9 AI score | 0.02101 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Prion
added 2023/12/04 11:15 p.m. | 31 views

Design/Logic Flaw

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There a...

5 CVSS | 6.7 AI score | 0.01726 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

UbuntuCve
added 2023/12/04 11:15 p.m. | 33 views

CVE-2023-49286

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There a...

8.6 CVSS | 7.1 AI score | 0.01726 EPSS
Exploits: 0 | References: 5

OSV
added 2023/12/04 10:56 p.m. | 24 views

CVE-2023-49285 Denial of Service in HTTP Message Processing in Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds fo...

8.6 CVSS | 7.9 AI score | 0.09621 EPSS
Exploits: 0 | References: 11

CVE
added 2023/12/04 10:56 p.m. | 177 views

CVE-2023-49285

Summary: CVE-2023-49285 affects Squid, a web caching proxy. A buffer overread in HTTP Message processing can lead to Denial of Service. Public details describe this as fixed in Squid version 6.5; upgrade is advised. The primary sources note no user interaction and network-based attack potential,...

8.6 CVSS | 7.8 AI score | 0.09621 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

AlpineLinux
added 2023/12/04 10:49 p.m. | 25 views

CVE-2023-49288

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...

8.6 CVSS | 7 AI score | 0.02101 EPSS
Exploits: 0

Amazon
added 2023/12/04 12:0 a.m. | 28 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a...

8.6 CVSS | 8.2 AI score | 0.00447 EPSS
Exploits: 0

RedhatCVE
added 2023/11/07 2:37 p.m. | 53 views

CVE-2023-46728

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial ...

7.5 CVSS | 7.7 AI score | 0.02262 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2023/11/07 12:0 a.m. | 19 views

Fedora 39 : python-flask (2023-ebc3be7db1)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-ebc3be7db1 advisory. Automatic update for python-flask-2.2.5-1.fc39. Changelog Tue May 9 2023 Frantisek Zatloukal - 2.2.5-1 - Update to 2.2.5 fixes RHBZ2196644 Tenable has...

7.5 CVSS | 7.7 AI score | 0.00221 EPSS
Exploits: 1 | References: 2

NVD
added 2023/11/06 6:15 p.m. | 23 views

CVE-2023-46728

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggeri...

7.5 CVSS | 7.8 AI score | 0.02262 EPSS
Exploits: 0 | References: 6

UbuntuCve
added 2023/11/06 6:15 p.m. | 30 views

CVE-2023-46728

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggeri...

7.5 CVSS | 6.9 AI score | 0.02262 EPSS
Exploits: 0 | References: 5

Prion
added 2023/11/06 6:15 p.m. | 22 views

Null pointer dereference

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggeri...

5 CVSS | 6.9 AI score | 0.02262 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2023/11/06 5:13 p.m. | 201 views

CVE-2023-46728

CVE-2023-46728 affects the Squid proxy where a NULL pointer dereference in Squid’s Gopher gateway can cause a Denial of Service. The issue arises because the obsolete Gopher protocol was always available/enabled in older Squid versions; upstream has removed Gopher support in version 6.0.1, and se...

7.5 CVSS | 7.9 AI score | 0.02262 EPSS
Exploits: 0 | References: 6 | Affected Software: 1