109 matches found
CVE-2018-19131
CVE-2018-19131 affects Squid prior to 4.4, enabling cross-site scripting via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. Connected advisories confirm the issue and provide fixes: Amazon Linux 2 ALAS2-2023-2310 lists updated squid packages (e.g., squid-...
CVE-2023-49286
CVE-2023-49286 affects Squid; root cause is an Incorrect Check of Function Return Value in Helper Process management, enabling Denial of Service against the helper processes. Multiple trusted advisories confirm the fix in Squid version 6.5 and urge upgrading. Debian/ALM/AXA advisories show update...
CVE-2023-50269
CVE-2023-50269 affects Squid, a web proxy/cache. The vulnerability is an Uncontrolled Recursion leading to a Denial of Service when a remote client sends a large X-Forwarded-For header with follow_x_forwarded_for enabled. Impact is DoS on HTTP request parsing; no confidentiality/integrity impact ...
CVE-2016-4054
CVE-2016-4054: A remote code execution vulnerability in Squid related to processing Edge Side Includes (ESI) responses. The issue appears in Squid 3.x (pre-3.5.17) and 4.x (pre-4.0.9) per the initial entry; connected advisories confirm ESI-related buffer/validation flaws and exposures when Squid ...
CVE-2016-10003
CVE-2016-10003 affects Squid HTTP Proxy 3.5.0.1–3.5.22 and 4.0.1–4.0.16, where the Collapsed Forwarding feature can incorrectly deliver private responses to multiple clients due to incorrect HTTP header comparison. Connected documents confirm affected versions and describe the vulnerability class...
CVE-2023-46848
CVE-2023-46848 affects Squid, where a remote attacker can cause a Denial of Service by sending ftp:// URLs in HTTP requests or deriving ftp:// URLs from FTP input. The vulnerability stems from HTTP request parsing of FTP-related URLs, with impact described as Availability (A) impact; CVSS scores ...
CVE-2023-49288
CVE-2023-49288 affects Squid: any 3.5–5.9 with collapsed_forwarding on is vulnerable to a Use-After-Free leading to DoS via collapsed forwarding. The fixed version is Squid 6.0.1; if upgrading isn’t possible, remove all collapsed_forwarding lines from squid.conf. Other connected sources confirm m...
CVE-2024-25617
CVE-2024-25617 affects Squid, an open source web proxy/cache. The issue is a DoS in HTTP header parsing caused by a Collapse of Data into Unsafe Value, triggered by oversized headers. The vulnerability is exploitable via normal HTTP headers and is applicable to Squid versions prior to 6.5, where ...
CVE-2023-49285
Summary: CVE-2023-49285 affects Squid, a web caching proxy. A buffer overread in HTTP Message processing can lead to Denial of Service. Public details describe this as fixed in Squid version 6.5 ; upgrade is advised. The primary sources note no user interaction and network-based attack potential,...
CVE-2013-4123
CVE-2013-4123 affects Squid: client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote denial of service via a crafted port number in a HTTP Host header. Connected advisories reference patches and updates across multiple distros (openSUSE, Fedora, Solaris patch upda...
CVE-2023-46724
CVE-2023-46724 : Squid exposes a Denial of Service via improper validation of certificate indices during TLS handshakes when built with OpenSSL. A remote server can disrupt HTTPS/SSL-Bump traffic by presenting a crafted server certificate in the chain. Affected: Squid versions 3.3.0.1–5.9 and 6.0...
CVE-2011-3205
CVE-2011-3205 affects Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11. Description: a buffer overflow in gopherToHTML (gopher.cc) enables a remote Gopher server to trigger memory corruption and daemon restart (DoS) via a long line in a response; it is a regression tied t...
CVE-2013-4115
CVE-2013-4115 : Buffer overflow in the idnsALookup function of Squid’s DNS lookup (dns_internal.cc) affects Squid 3.2–3.2.11 and 3.3–3.3.6, enabling a remote attacker to trigger memory corruption and cause a denial of service via a long DNS name. Connected advisories confirm affected products and...
CVE-2024-23638
CVE-2024-23638 affects Squid web proxy: an expired pointer reference bug causes DoS during Cache Manager error-page handling. Vulnerable: all Squid-5.x up to 5.9 and all Squid-6.x up to 6.5; fixed in 6.6. Workarounds include denying Cache Manager access with http_access deny manager. Affected pla...
CVE-2016-4554
CVE-2016-4554 affects Squid and is a header smuggling flaw in mime_get_header_field() that can bypass same-origin protections and enable cache poisoning when Squid acts as a reverse/interception proxy. Connected advisories describe concurrent issues (CVE-2016-4051/4052/4053/4054) in ESI processin...
CVE-2016-4051
Squid’s vulnerability CVE-2016-4051 is a buffer overflow in cachemgr.cgi that could allow remote attackers to cause a DoS or execute arbitrary code. Affected products include Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9, via remotely supplied data sent to the CGI interface. Public advisorie...
CVE-2018-1172
CVE-2018-1172 affects The Squid Software Foundation’s Squid proxy (notably versions around 3.5.27-20180318). The flaw is in ClientRequestContext::sslBumpAccessCheck; a crafted request can dereference a null pointer, enabling remote attackers to cause a denial-of-service with no authentication req...
CVE-2024-37894
CVE-2024-37894 affects Squid, a web proxy cache. The vulnerability is an out-of-bounds write when assigning ESI variables, causing memory corruption and potentially Denial of Service. Connected advisories confirm the issue across multiple distributions and provide fixes: Debian DSA-5751-1 and DLA...
CVE-2020-14059
Squid 5.x prior to 5.0.3 is affected by CVE-2020-14059 due to an incorrect synchronization in the SMP cache, causing a Denial of Service via Ipc::Mem::PageStack::pop ABA during memory page/slot management. Affected component is the memory/page management list, with exploitation leading to a crash...
CVE-2011-4096
CVE-2011-4096 affects Squid proxies (notably Squid 3.1.x up to before 3.1.16). The root cause is a mis-free of memory in idnsGrokReply, enabling a remote attacker to trigger a denial of service (daemon abort) via a DNS reply containing a CNAME that references another CNAME containing an empty A r...
CVE-2015-5400
CVE-2015-5400 affects Squid proxy: Squid versions prior to 3.5.6 fail to properly handle CONNECT method peer responses when configured with cache_peer, allowing remote attackers to bypass access restrictions and access a backend proxy via a CONNECT request. The issue’s root cause is improper hand...
CVE-2016-4556
Squid 3.x before 3.5.18 and 4.x before 4.0.10 is vulnerable to a double-free in Esi.cc (related to processing Edge Side Includes) which can allow remote servers to trigger a Denial of Service (crash). The issue is confirmed across multiple advisories (e.g., Debian DSA-3625-1, CentOS/RH advisories...
CVE-2024-45802
CVE-2024-45802 affects Squid; Debian security update DLA-4083-1 notes the fix disables ESI to mitigate a Denial of Service due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs. Other advisories (CloudLinux, ...
CVE-2009-2621
CVE-2009-2621 affects Squid: versions 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 are vulnerable to DoS due to improper enforcement of buffer limits and related bound checks, enabling remote denial of service via incomplete requests or requests with large headers (affecting HttpMsg.cc and c...
CVE-2016-4052
CVE-2016-4052 is a Squid vulnerability where buffer overflows occur while processing ESI responses, enabling a remote attacker to cause a DoS or potentially execute arbitrary code. Affected releases include Squid 3.x before 3.5.17 and 4.x before 4.0.9. Connected advisories confirm multiple mitiga...
CVE-2016-4053
CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debians fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...
CVE-2013-1839
The CVE-2013-1839 issue affects Squid 3.2.x (pre-3.2.9) and 3.3.x (pre-3.3.3), where strHdrAcptLangGetItem in errorpage.cc can be triggered by a comma in Accept-Language, causing an infinite loop and high CPU usage (DoS). Impact is denial of service. Remediation: upgrade to fixed versions (3.2.9 ...
CVE-2021-41611
CVE-2021-41611 affects Squid 5.0.6 through 5.1.x before 5.2. During origin/peer certificate validation, Squid may misclassify certain certificates as trusted, potentially allowing a remote server to extend trust to clients and enable access to unsafe or hijacked services. The vulnerability’s CVSS...
CVE-2012-5643
The CVE-2012-5643 entry describes memory leaks in cachemgr.cgi of Squid 2.x/3.x (pre-3.1.22, pre-3.2.4, pre-3.3.0.2) enabling remote DoS via invalid Content-Length headers, long POSTs, or crafted credentials. Connected advisories confirm this causes memory consumption and potential DoS, with mult...
CVE-2016-4555
CVE-2016-4555 affects Squid 3.x (before 3.5.18) and 4.x (before 4.0.10); DoS/crash via crafted Edge Side Includes (ESI) responses due to incorrect pointer handling and ref-counting. Connected advisories indicate fixes in Squid 3.4.8-6+deb8u3 and 3.5.19-1 (Debian), CentOS/RHSA advisories, and Fedo...
CVE-2014-6270
CVE-2014-6270: In Squid 2.x and 3.x, an off-by-one error in the SNMP subsystem (snmpHandleUdp in snmp_core.cc) when an SNMP port is configured can be triggered by a crafted UDP SNMP request, leading to a heap-based buffer overflow and potentially remote denial of service or arbitrary code executi...
CVE-2016-2569
CVE-2016-2569 affects Squid (3.x before 3.5.15 and 4.x before 4.0.7). The issue is an incorrect boundary check when appending data to a String object for HTTP headers (notably the Vary header) in responses, which can cause an assertion failure and crash the daemon via a crafted header. Multiple c...
CVE-2016-2571
CVE-2016-2571 is a vulnerability in Squid where http.cc proceeds with storing data after a response-parsing failure, enabling remote HTTP servers to cause a denial of service via a malformed response. Affected: Squid 3.x before 3.5.15 and 4.x before 4.0.7. Mitigation: upgrade to 3.5.15+/4.0.7+ or...
CVE-2014-3609
CVE-2014-3609 affects Squid 3.x prior to 3.3.12 and 3.4.x prior to 3.4.6, where crafted Range headers with unidentifiable byte-range values can cause a denial of service (crash/memory issues). Affected products include Squid releases listed in the initial vuln description; remediation/updates are...
CVE-2016-3948
CVE-2016-3948 affects Squid 3.x before 3.5.16 and 4.x before 4.0.8, where insufficient bounds checking on HTTP Vary headers allows remote attackers to cause a denial of service via a crafted HTTP response. Related advisories show fixes in newer Squid releases (e.g., 3.5.20 and 4.x series updates)...
CVE-2016-4553
CVE-2016-4553 affects Squid, where the HTTP request handling fails to ignore the Host header for absolute URIs in the request line. This allows remote attackers to perform cache-poisoning. Affected versions are Squid < 3.5.18 and 4.x
CVE-2016-3947
CVE-2016-3947 is a heap-based buffer overflow in Squid's pinger ICMPv6 processing (Icmp6::Recv) that affects Squid 3.5.x before 3.5.16 and 4.x before 4.0.8. Exploitation can cause denial of service (performance degradation or transition failures) or write sensitive data to logs via ICMPv6 packets...
CVE-2016-2570
CVE-2016-2570 affects Squid 3.x before 3.5.15 and 4.x before 4.0.7. The Edge Side Includes (ESI) parser does not check buffer limits during XML parsing, allowing remote HTTP servers to trigger a denial of service (assertion failure and daemon exit) with a crafted XML document (esi/CustomParser.cc...
CVE-2009-2855
CVE-2009-2855 affects Squid (notably Squid 2.7) via the strListGetItem function in src/HttpHeaderTools.c, where a crafted auth header containing certain comma delimiters can trigger an infinite loop in strcspn and cause a denial of service. Connected advisories (e.g., MiracleLinux AXSA:2010-169, ...
CVE-2014-0128
CVE-2014-0128 affects Squid up to versions 3.3.12 (and 3.4.4) when SSL-Bump is enabled. An attacker can cause a denial of service (assertion failure) via a crafted range request, due to state-management issues. Safe remediation per connected advisories is to upgrade Squid to a fixed release (e.g....
CVE-2013-0189
Squid vulnerability CVE-2013-0189 affects cachemgr.cgi in Squid 3.1.x and 3.2.x (potentially 3.1.22, 3.2.4, and other versions). The issue stems from an incomplete fix for CVE-2012-5643, possibly due to an incorrect order of arguments or incorrect comparison, allowing remote attackers to cause a ...
CVE-2015-3455
Squid 3.x is affected when configured with client-first SSL-bump: it does not properly validate the domain/hostname in X.509 certificates, allowing man-in-the-middle attackers to spoof SSL servers with a valid certificate. Affected versions are Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4....
CVE-2014-7142
The CVE-2014-7142 issue is within Squid 3.x pinger ICMP/ICMPv6 processing. A remote attacker can craft ICMP/ICMPv6 packets to cause information disclosure or a denial of service (crash). Public references show this as part of multiple ICMP-related problems in Squid’s pinger handling. Affected pro...
CVE-2015-0881
The CVE-2015-0881 entry concerns Squid (proxy/cache server) with a vulnerability in its HTTP response handling. The issue is a CRLF injection in Squid before 3.1.1 that lets a remote attacker craft headers in a response and perform HTTP response splitting. Affected version range is Squid 0.x/1.x/...
CVE-2010-0639
CVE-2010-0639 affects Squid where the function htcpHandleTstRequest in htcp.c (and htcp.cc for 3.0) can be triggered by crafting HTCP packets to the HTCP port, causing a NULL pointer dereference and a daemon crash (DoS). It affects Squid 2.x prior to 2.6.STABLE24 and 2.7 prior to 2.7.STABLE8, and...
CVE-2014-7141
CVE-2014-7141 is a vulnerability in the Squid 3.x pinger ICMP processing that can allow a remote attacker to obtain sensitive information or cause a denial of service via a crafted ICMP/ICMPv6 packet, resulting in an out-of-bounds read and crash. The OpenVAS entries and multiple vendor advisories...
CVE-2016-2390
CVE-2016-2390 affects Squid up to 3.5.14 and 4.0.x up to 4.0.6 where FwdState::connectedToPeer mishandles SSL handshake errors when built with --with-openssl, enabling remote DoS via a plaintext HTTP message. Remediation is to upgrade to Squid 3.5.14+ and 4.0.6+ (or apply vendor-specific security...
CVE-2010-0308
CVE-2010-0308 affects Squid legacy releases: lib/rfc1035.c in Squid 2.x, 3.0–3.0.STABLE22, and 3.1–3.1.0.15 is vulnerable to a remote denial-of-service via a crafted DNS packet containing only a header. The vulnerability is triggered by processing such DNS headers, causing an assertion failure in...
CVE-2016-2572
CVE-2016-2572 affects Squid with http.cc in 4.x before 4.0.7. Root cause: after a response-parsing failure, Squid relies on the HTTP status code, enabling remote HTTP servers to trigger a denial of service (assertion failure and daemon exit) via a malformed response. Public advisories (e.g., Mira...
CVE-2009-2622
CVE-2009-2622 affects Squid 3.0–3.0.STABLE16 and 3.1–3.1.0.11, enabling remote DoS via malformed HTTP requests (issues in HttpMsg.cc and HttpReply.cc). The vulnerability is confirmed by multiple advisories (GLSA 201110-24, openSUSE/openVAS entries) and is listed among other related CVEs (e.g., CV...