CVE-2025-32907

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

CVE-2025-32907

CVE-2025-32907 concerns the libsoup HTTP range handling, enabling a resource consumption attack where a malicious client can request the same range multiple times in a single HTTP request, causing the server to allocate large memory. The primary affected component is libsoup, with multiple adviso...

CVE-2025-32907 Libsoup: denial of service in server when client requests a large amount of overlapping ranges with range header

A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a fu...

Amazon Linux 2 : squid (ALASSQUID4-2023-004)

The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2SQUID4-2023-004 advisory. Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an...

GHSA-VJ2M-9F5J-MPR5 Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware

Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client. Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow...

Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware

Vapor is an HTTP web framework for Swift and middleware is a logic chain between the client and a Vapor route handler. FileMiddleware enables the serving of assets from the Public folder of a project to the client. Vapor before 4.60.3 is vulnerable to denial of service due to an integer overflow...

Amazon Linux AMI : squid (ALAS-2023-1687)

The version of squid installed on the remote host is prior to 3.5.20-17.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1687 advisory. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of...

Amazon Linux 2 : squid (ALAS-2023-1950)

The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1950 advisory. An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of...

Oracle Linux 8 : squid:4 (ELSA-2021-4292)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4292 advisory. libecap squid 7:4.15-1 - new version 4.15 - Resolves: 1964384 - squid:4 rebase to 4.15 7:4.11-5 - Resolves: 1944261 - CVE-2020-25097 squid:4/squid:...

EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-2618)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving ...

EulerOS 2.0 SP5 : squid (EulerOS-SA-2021-2519)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a...

Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2021-2433)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : squid (EulerOS-SA-2021-2433)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default...

EulerOS 2.0 SP8 : squid (EulerOS-SA-2021-2317)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack agains...

Debian DLA-2685-1 : squid3 security update

Several vulnerabilities were discovered in Squid, a proxy caching server. CVE-2021-28651 Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology tha...

CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious...

Ubuntu 18.04 LTS / 20.04 LTS : Squid vulnerabilities (USN-4981-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4981-1 advisory. Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cau...

CVE-2021-31808

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack against all clients using the proxy. A client sends an HTTP Range request to trigger this...

Input validation

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack against all clients using the proxy. A client sends an HTTP Range request to trigger this...

CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack against all clients using the proxy via HTTP Range request processing...