39 matches found

Tenable Nessus
added 2023/02/06 12:0 a.m., 25 views

Amazon Linux AMI : squid, squid-migration-script (ALAS-2023-1677)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1677 advisory. In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. (CVE-2021-46784) A...

CVSS 8.6, AI score 7.2, EPSS 0.16362
Exploits 0, References 5

Tenable Nessus
added 2022/07/21 12:0 a.m., 52 views

AlmaLinux 8 : squid:4 (5526) (ALSA-2022:5526)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:5526 advisory. squid: DoS when processing gopher server responses (CVE-2021-46784) Tenable has extracted the preceding description block directly from the AlmaLinux security...

CVSS 6.5, AI score 6.7, EPSS 0.16362
Exploits 0, References 2

UbuntuCve
added 2019/11/26 5:15 p.m., 24 views

CVE-2019-18678

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...

CVSS 5.3, AI score 6.8, EPSS 0.12526
Exploits 0, References 3

Cvelist
added 2019/11/26 4:15 p.m., 24 views

CVE-2019-18678

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...

AI score 7, EPSS 0.12526
Exploits 0, References 11

RedhatCVE
added 2019/11/08 8:7 p.m., 35 views

CVE-2019-18678

An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between a client and Squid with attacker-controlle...

CVSS 6.8, AI score 1.9, EPSS 0.12526
Exploits 0, References 4

OpenVAS
added 2018/02/09 12:0 a.m., 45 views

Squid Proxy Cache Security Update Advisory (SQUID-2018:2) - Linux

Squid is vulnerable to denial of service attack when processing ESI responses. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...

CVSS 7.5, AI score 6.5, EPSS 0.65998
Exploits 0, References 3

Prion
added 2016/05/10 7:59 p.m., 19 views

Design/Logic Flaw

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses...

CVSS 5, AI score 6.8, EPSS 0.62841
Exploits 1, References 16, Affected Software 3

Prion
added 2016/05/10 7:59 p.m., 26 views

Double free

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response...

CVSS 5, AI score 6.8, EPSS 0.56857
Exploits 0, References 16, Affected Software 3

OSV
added 2016/05/10 12:0 a.m., 1 views

UBUNTU-CVE-2016-4556

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response...

CVSS 7.5, AI score 7.2, EPSS 0.56857
Exploits 0, References 4

NVD
added 2016/04/25 2:59 p.m., 17 views

CVE-2016-4051

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data...

CVSS 8.8, AI score 8.5, EPSS 0.05912
Exploits 0, References 17

Prion
added 2016/04/25 2:59 p.m., 29 views

Buffer overflow

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data...

CVSS 6.8, AI score 9.6, EPSS 0.05912
Exploits 0, References 17, Affected Software 3

Cvelist
added 2016/04/25 2:0 p.m., 30 views

CVE-2016-4051

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data...

AI score 9.1, EPSS 0.05912
Exploits 0, References 17

Prion
added 2016/02/27 5:59 a.m., 17 views

Design/Logic Flaw

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and...

CVSS 5, AI score 7, EPSS 0.05488
Exploits 0, References 11, Affected Software 1

Prion
added 2016/02/27 5:59 a.m., 28 views

Design/Logic Flaw

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response...

CVSS 5, AI score 6.8, EPSS 0.14329
Exploits 0, References 13, Affected Software 1

Tenable Nessus
added 2015/10/13 12:0 a.m., 26 views

Squid 3.x < 3.5.6 Multiple Vulnerabilities


CVSS 6.8, AI score 7.7, EPSS 0.24696
Exploits 1, References 4

Tenable Nessus
added 2015/05/21 12:0 a.m., 11 views

Squid 3.x < 3.2.9 / 3.3.x < 3.3.3 DoS


AI score 7.3
Exploits 0, References 3

NVD
added 2014/11/26 3:59 p.m., 20 views

CVE-2014-7141

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet...

CVSS 6.4, AI score 6.3, EPSS 0.77333
Exploits 0, References 10

Prion
added 2014/11/26 3:59 p.m., 27 views

Design/Logic Flaw

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size...

CVSS 6.4, AI score 7, EPSS 0.64227
Exploits 0, References 11, Affected Software 3

Prion
added 2014/11/26 3:59 p.m., 25 views

Out-of-bounds

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet...

CVSS 6.4, AI score 7, EPSS 0.77333
Exploits 0, References 10, Affected Software 1

CVE
added 2014/11/26 3:0 p.m., 89 views

CVE-2014-7142

The CVE-2014-7142 issue is within Squid 3.x pinger ICMP/ICMPv6 processing. A remote attacker can craft ICMP/ICMPv6 packets to cause information disclosure or a denial of service (crash). Public references show this as part of multiple ICMP-related problems in Squid’s pinger handling. Affected pro...

CVSS 6.4, AI score 8.1, EPSS 0.64227
Exploits 0, References 11, Affected Software 1