Astra Linux - уязвимость в squid

In versions 4.14 and 5.x through 5.0.5, in some configurations, the Squid vulnerability allows information disclosure due to an out-of-bounds read in the WCCP protocol data. This vulnerability can be exploited as part of a chain for remote code execution, as there is no one to stop such attacks...

Linux Distros Unpatched Vulnerability : CVE-2021-28116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can...

Medium: squid

Issue Overview: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. CVE-2021-28116 An issue was discovered in Squid...

SUSE CVE-2005-0095

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service crash via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...

squid: out-of-bounds read in WCCP protocol data may lead to information disclosure

A flaw was found in squid. An out-of-bounds read in the WCCP protocol can be leveraged as part of a chain for remote code execution leading to an information disclosure. The highest threat from this vulnerability is to data confidentiality...

OESA-2022-1618 squid security update

Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information...

USN-5104-1 squid, squid3 vulnerability

Lyu discovered that Squid incorrectly handled WCCP protocol data. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information...

DEBIAN-CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody...

DEBIAN-CVE-2015-6249

The dissectwccp2r1addresstableinfo function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service application crash via a...

DEBIAN-CVE-2015-4651

The dissectwccp2r1addresstableinfo function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service applicatio...

DEBIAN-CVE-2015-0560

The dissectwccp2r1addresstableinfo function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service application crash via a crafted...

UBUNTU-CVE-2015-0560

The dissectwccp2r1addresstableinfo function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service application crash via a crafted...

Wireshark WCCP Parser Remote Denial of Service Vulnerability (CNVD-2015-00207)

Wireshark is an open source network protocol analysis tool. A remote denial of service vulnerability exists in the Wireshark WCCP parser, which can be exploited by an attacker to crash an affected application and deny service to legitimate users...

security flaw

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service crash via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCPISEEYOU cache numbers...