10 matches found
CLSA-2026-1777446517 squid: Fix of 3 CVEs
CVE-2019-12521: fix ESI parser off-by-one heap overflow by enforcing a stack-depth limit and throwing on overflow - CVE-2019-12524 already addressed by the CVE-2019-12520 backport same fix upstream; see Squid advisory SQUID-2019:4...
EUVD-2016-3644
Malware in sbrugna...
Squid Denial of Service Vulnerability (CNVD-2016-01441)
Squid full name Squid Cache is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in the Edge Side Includes ESI parser in Squid versions 3.x prior...
Squid Multiple DoS Vulnerabilities (SQUID-2016:2) - Windows
Squid is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-2570
The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...
Design/Logic Flaw
The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...
CVE-2016-2570
CVE-2016-2570 affects Squid 3.x before 3.5.15 and 4.x before 4.0.7. The Edge Side Includes (ESI) parser does not check buffer limits during XML parsing, allowing remote HTTP servers to trigger a denial of service (assertion failure and daemon exit) with a crafted XML document (esi/CustomParser.cc...
CVE-2016-2570
The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...
CVE-2016-2570
The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...
CVE-2016-2570
The Edge Side Includes ESI parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a crafted XML document, related to esi/CustomParser.cc and...