Squid Denial of Service Vulnerability (CNVD-2024-08086)

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A denial of service vulnerability exists in Squid versions prior to 6.6, which stems from an outdated pointer referenc...

CVE-2016-2390

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service application crash via a plaintext HTTP message...

CVE-2016-3948

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers...

CVE-2016-2571

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service assertion failure and daemon exit via a malformed response...

CVE-2014-6270

Off-by-one error in the snmpHandleUdp function in snmpcore.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow...

CVE-2005-0241

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size...