Lucene search
K
Squid-cacheSquid

109 matches found

cve
cve
added 2018/11/09 11:0 a.m.225 views

CVE-2018-19131

CVE-2018-19131 affects Squid prior to 4.4, enabling cross-site scripting via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors. Connected advisories confirm the issue and provide fixes: Amazon Linux 2 ALAS2-2023-2310 lists updated squid packages (e.g., squid-...

6.1CVSS5.9AI score0.03333EPSS
cve
cve
added 2023/12/04 10:53 p.m.216 views

CVE-2023-49286

CVE-2023-49286 affects Squid; root cause is an Incorrect Check of Function Return Value in Helper Process management, enabling Denial of Service against the helper processes. Multiple trusted advisories confirm the fix in Squid version 6.5 and urge upgrading. Debian/ALM/AXA advisories show update...

8.6CVSS7.8AI score0.10352EPSS
cve
cve
added 2023/12/14 5:9 p.m.216 views

CVE-2023-50269

CVE-2023-50269 affects Squid, a web proxy/cache. The vulnerability is an Uncontrolled Recursion leading to a Denial of Service when a remote client sends a large X-Forwarded-For header with follow_x_forwarded_for enabled. Impact is DoS on HTTP request parsing; no confidentiality/integrity impact ...

8.6CVSS7.8AI score0.57627EPSS
cve
cve
added 2016/04/25 2:0 p.m.215 views

CVE-2016-4054

CVE-2016-4054: A remote code execution vulnerability in Squid related to processing Edge Side Includes (ESI) responses. The issue appears in Squid 3.x (pre-3.5.17) and 4.x (pre-4.0.9) per the initial entry; connected advisories confirm ESI-related buffer/validation flaws and exposures when Squid ...

8.1CVSS8.7AI score0.77559EPSS
cve
cve
added 2017/01/27 5:0 p.m.214 views

CVE-2016-10003

CVE-2016-10003 affects Squid HTTP Proxy 3.5.0.1–3.5.22 and 4.0.1–4.0.16, where the Collapsed Forwarding feature can incorrectly deliver private responses to multiple clients due to incorrect HTTP header comparison. Connected documents confirm affected versions and describe the vulnerability class...

7.5CVSS7.4AI score0.04772EPSS
cve
cve
added 2023/11/03 7:58 a.m.208 views

CVE-2023-46848

CVE-2023-46848 affects Squid, where a remote attacker can cause a Denial of Service by sending ftp:// URLs in HTTP requests or deriving ftp:// URLs from FTP input. The vulnerability stems from HTTP request parsing of FTP-related URLs, with impact described as Availability (A) impact; CVSS scores ...

8.6CVSS8.2AI score0.10221EPSS
cve
cve
added 2023/12/04 10:49 p.m.205 views

CVE-2023-49288

CVE-2023-49288 affects Squid: any 3.5–5.9 with collapsed_forwarding on is vulnerable to a Use-After-Free leading to DoS via collapsed forwarding. The fixed version is Squid 6.0.1; if upgrading isn’t possible, remove all collapsed_forwarding lines from squid.conf. Other connected sources confirm m...

8.6CVSS7.8AI score0.04777EPSS
cve
cve
added 2024/02/14 8:55 p.m.204 views

CVE-2024-25617

CVE-2024-25617 affects Squid, an open source web proxy/cache. The issue is a DoS in HTTP header parsing caused by a Collapse of Data into Unsafe Value, triggered by oversized headers. The vulnerability is exploitable via normal HTTP headers and is applicable to Squid versions prior to 6.5, where ...

7.5CVSS6.5AI score0.88864EPSS
cve
cve
added 2023/12/04 10:56 p.m.197 views

CVE-2023-49285

Summary: CVE-2023-49285 affects Squid, a web caching proxy. A buffer overread in HTTP Message processing can lead to Denial of Service. Public details describe this as fixed in Squid version 6.5 ; upgrade is advised. The primary sources note no user interaction and network-based attack potential,...

8.6CVSS7.8AI score0.88818EPSS
cve
cve
added 2013/09/16 7:0 p.m.194 views

CVE-2013-4123

CVE-2013-4123 affects Squid: client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote denial of service via a crafted port number in a HTTP Host header. Connected advisories reference patches and updates across multiple distros (openSUSE, Fedora, Solaris patch upda...

5CVSS6.3AI score0.80451EPSS
cve
cve
added 2023/11/01 7:9 p.m.193 views

CVE-2023-46724

CVE-2023-46724 : Squid exposes a Denial of Service via improper validation of certificate indices during TLS handshakes when built with OpenSSL. A remote server can disrupt HTTPS/SSL-Bump traffic by presenting a crafted server certificate in the chain. Affected: Squid versions 3.3.0.1–5.9 and 6.0...

8.6CVSS8AI score0.04012EPSS
cve
cve
added 2011/09/06 3:0 p.m.182 views

CVE-2011-3205

CVE-2011-3205 affects Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11. Description: a buffer overflow in gopherToHTML (gopher.cc) enables a remote Gopher server to trigger memory corruption and daemon restart (DoS) via a long line in a response; it is a regression tied t...

6.8CVSS9.1AI score0.27454EPSS
cve
cve
added 2013/08/09 10:0 p.m.177 views

CVE-2013-4115

CVE-2013-4115 : Buffer overflow in the idnsALookup function of Squid’s DNS lookup (dns_internal.cc) affects Squid 3.2–3.2.11 and 3.3–3.3.6, enabling a remote attacker to trigger memory corruption and cause a denial of service via a long DNS name. Connected advisories confirm affected products and...

7.5CVSS8.4AI score0.43261EPSS
cve
cve
added 2024/01/23 11:23 p.m.177 views

CVE-2024-23638

CVE-2024-23638 affects Squid web proxy: an expired pointer reference bug causes DoS during Cache Manager error-page handling. Vulnerable: all Squid-5.x up to 5.9 and all Squid-6.x up to 6.5; fixed in 6.6. Workarounds include denying Cache Manager access with http_access deny manager. Affected pla...

6.5CVSS6.7AI score0.6005EPSS
cve
cve
added 2016/05/10 7:0 p.m.169 views

CVE-2016-4554

CVE-2016-4554 affects Squid and is a header smuggling flaw in mime_get_header_field() that can bypass same-origin protections and enable cache poisoning when Squid acts as a reverse/interception proxy. Connected advisories describe concurrent issues (CVE-2016-4051/4052/4053/4054) in ESI processin...

8.6CVSS8.2AI score0.38893EPSS
cve
cve
added 2016/04/25 2:0 p.m.166 views

CVE-2016-4051

Squid’s vulnerability CVE-2016-4051 is a buffer overflow in cachemgr.cgi that could allow remote attackers to cause a DoS or execute arbitrary code. Affected products include Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9, via remotely supplied data sent to the CGI interface. Public advisorie...

8.8CVSS8.8AI score0.16893EPSS
cve
cve
added 2018/05/16 9:0 p.m.165 views

CVE-2018-1172

CVE-2018-1172 affects The Squid Software Foundation’s Squid proxy (notably versions around 3.5.27-20180318). The flaw is in ClientRequestContext::sslBumpAccessCheck; a crafted request can dereference a null pointer, enabling remote attackers to cause a denial-of-service with no authentication req...

5.9CVSS5.7AI score0.08942EPSS
cve
cve
added 2024/06/25 7:39 p.m.164 views

CVE-2024-37894

CVE-2024-37894 affects Squid, a web proxy cache. The vulnerability is an out-of-bounds write when assigning ESI variables, causing memory corruption and potentially Denial of Service. Connected advisories confirm the issue across multiple distributions and provide fixes: Debian DSA-5751-1 and DLA...

6.3CVSS6.5AI score0.06255EPSS
cve
cve
added 2020/06/30 6:23 p.m.162 views

CVE-2020-14059

Squid 5.x prior to 5.0.3 is affected by CVE-2020-14059 due to an incorrect synchronization in the SMP cache, causing a Denial of Service via Ipc::Mem::PageStack::pop ABA during memory page/slot management. Affected component is the memory/page management list, with exploitation leading to a crash...

6.5CVSS6.4AI score0.04408EPSS
cve
cve
added 2011/11/17 7:0 p.m.160 views

CVE-2011-4096

CVE-2011-4096 affects Squid proxies (notably Squid 3.1.x up to before 3.1.16). The root cause is a mis-free of memory in idnsGrokReply, enabling a remote attacker to trigger a denial of service (daemon abort) via a DNS reply containing a CNAME that references another CNAME containing an empty A r...

5CVSS8.1AI score0.37186EPSS
cve
cve
added 2015/09/28 8:0 p.m.159 views

CVE-2015-5400

CVE-2015-5400 affects Squid proxy: Squid versions prior to 3.5.6 fail to properly handle CONNECT method peer responses when configured with cache_peer, allowing remote attackers to bypass access restrictions and access a backend proxy via a CONNECT request. The issue’s root cause is improper hand...

6.8CVSS6.9AI score0.16525EPSS
cve
cve
added 2016/05/10 7:0 p.m.159 views

CVE-2016-4556

Squid 3.x before 3.5.18 and 4.x before 4.0.10 is vulnerable to a double-free in Esi.cc (related to processing Edge Side Includes) which can allow remote servers to trigger a Denial of Service (crash). The issue is confirmed across multiple advisories (e.g., Debian DSA-3625-1, CentOS/RH advisories...

7.5CVSS7.5AI score0.23112EPSS
cve
cve
added 2024/10/28 2:36 p.m.159 views

CVE-2024-45802

CVE-2024-45802 affects Squid; Debian security update DLA-4083-1 notes the fix disables ESI to mitigate a Denial of Service due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs. Other advisories (CloudLinux, ...

7.5CVSS7.2AI score0.45289EPSS
cve
cve
added 2009/07/28 5:0 p.m.153 views

CVE-2009-2621

CVE-2009-2621 affects Squid: versions 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 are vulnerable to DoS due to improper enforcement of buffer limits and related bound checks, enabling remote denial of service via incomplete requests or requests with large headers (affecting HttpMsg.cc and c...

5CVSS6.4AI score0.23049EPSS
cve
cve
added 2016/04/25 2:0 p.m.153 views

CVE-2016-4052

CVE-2016-4052 is a Squid vulnerability where buffer overflows occur while processing ESI responses, enabling a remote attacker to cause a DoS or potentially execute arbitrary code. Affected releases include Squid 3.x before 3.5.17 and 4.x before 4.0.9. Connected advisories confirm multiple mitiga...

8.1CVSS8.5AI score0.12867EPSS
cve
cve
added 2016/04/25 2:0 p.m.148 views

CVE-2016-4053

CVE-2016-4053 in Squid allowed public information disclosure of the server stack layout when processing ESI responses. The issue is documented across multiple advisories (Debian, Red Hat/CentOS, Fedora, Amazon ALAS) with fixes in various branches: Debians fixed squid3 3.1.20-2.2+deb7u5; Jessie/St...

4.3CVSS5.8AI score0.14359EPSS
cve
cve
added 2013/09/30 8:0 p.m.145 views

CVE-2013-1839

The CVE-2013-1839 issue affects Squid 3.2.x (pre-3.2.9) and 3.3.x (pre-3.3.3), where strHdrAcptLangGetItem in errorpage.cc can be triggered by a comma in Accept-Language, causing an infinite loop and high CPU usage (DoS). Impact is denial of service. Remediation: upgrade to fixed versions (3.2.9 ...

7.8CVSS6.3AI score0.18307EPSS
cve
cve
added 2021/10/18 8:56 a.m.129 views

CVE-2021-41611

CVE-2021-41611 affects Squid 5.0.6 through 5.1.x before 5.2. During origin/peer certificate validation, Squid may misclassify certain certificates as trusted, potentially allowing a remote server to extend trust to clients and enable access to unsafe or hijacked services. The vulnerability’s CVSS...

7.5CVSS7.2AI score0.02854EPSS
cve
cve
added 2012/12/20 11:0 a.m.128 views

CVE-2012-5643

The CVE-2012-5643 entry describes memory leaks in cachemgr.cgi of Squid 2.x/3.x (pre-3.1.22, pre-3.2.4, pre-3.3.0.2) enabling remote DoS via invalid Content-Length headers, long POSTs, or crafted credentials. Connected advisories confirm this causes memory consumption and potential DoS, with mult...

5CVSS8.3AI score0.23005EPSS
cve
cve
added 2016/05/10 7:0 p.m.128 views

CVE-2016-4555

CVE-2016-4555 affects Squid 3.x (before 3.5.18) and 4.x (before 4.0.10); DoS/crash via crafted Edge Side Includes (ESI) responses due to incorrect pointer handling and ref-counting. Connected advisories indicate fixes in Squid 3.4.8-6+deb8u3 and 3.5.19-1 (Debian), CentOS/RHSA advisories, and Fedo...

7.5CVSS7.5AI score0.5392EPSS
cve
cve
added 2014/09/12 2:0 p.m.126 views

CVE-2014-6270

CVE-2014-6270: In Squid 2.x and 3.x, an off-by-one error in the SNMP subsystem (snmpHandleUdp in snmp_core.cc) when an SNMP port is configured can be triggered by a crafted UDP SNMP request, leading to a heap-based buffer overflow and potentially remote denial of service or arbitrary code executi...

6.8CVSS8.4AI score0.23317EPSS
cve
cve
added 2016/02/27 2:0 a.m.116 views

CVE-2016-2569

CVE-2016-2569 affects Squid (3.x before 3.5.15 and 4.x before 4.0.7). The issue is an incorrect boundary check when appending data to a String object for HTTP headers (notably the Vary header) in responses, which can cause an assertion failure and crash the daemon via a crafted header. Multiple c...

7.5CVSS7.1AI score0.31187EPSS
cve
cve
added 2016/02/27 2:0 a.m.111 views

CVE-2016-2571

CVE-2016-2571 is a vulnerability in Squid where http.cc proceeds with storing data after a response-parsing failure, enabling remote HTTP servers to cause a denial of service via a malformed response. Affected: Squid 3.x before 3.5.15 and 4.x before 4.0.7. Mitigation: upgrade to 3.5.15+/4.0.7+ or...

7.5CVSS7.2AI score0.09288EPSS
cve
cve
added 2014/09/11 6:0 p.m.106 views

CVE-2014-3609

CVE-2014-3609 affects Squid 3.x prior to 3.3.12 and 3.4.x prior to 3.4.6, where crafted Range headers with unidentifiable byte-range values can cause a denial of service (crash/memory issues). Affected products include Squid releases listed in the initial vuln description; remediation/updates are...

5CVSS6.2AI score0.5622EPSS
cve
cve
added 2016/04/07 6:0 p.m.105 views

CVE-2016-3948

CVE-2016-3948 affects Squid 3.x before 3.5.16 and 4.x before 4.0.8, where insufficient bounds checking on HTTP Vary headers allows remote attackers to cause a denial of service via a crafted HTTP response. Related advisories show fixes in newer Squid releases (e.g., 3.5.20 and 4.x series updates)...

7.5CVSS7.2AI score0.35265EPSS
cve
cve
added 2016/05/10 7:0 p.m.104 views

CVE-2016-4553

CVE-2016-4553 affects Squid, where the HTTP request handling fails to ignore the Host header for absolute URIs in the request line. This allows remote attackers to perform cache-poisoning. Affected versions are Squid < 3.5.18 and 4.x

8.6CVSS8.2AI score0.79969EPSS
cve
cve
added 2016/04/07 6:0 p.m.101 views

CVE-2016-3947

CVE-2016-3947 is a heap-based buffer overflow in Squid's pinger ICMPv6 processing (Icmp6::Recv) that affects Squid 3.5.x before 3.5.16 and 4.x before 4.0.8. Exploitation can cause denial of service (performance degradation or transition failures) or write sensitive data to logs via ICMPv6 packets...

8.2CVSS8.1AI score0.1462EPSS
cve
cve
added 2016/02/27 2:0 a.m.98 views

CVE-2016-2570

CVE-2016-2570 affects Squid 3.x before 3.5.15 and 4.x before 4.0.7. The Edge Side Includes (ESI) parser does not check buffer limits during XML parsing, allowing remote HTTP servers to trigger a denial of service (assertion failure and daemon exit) with a crafted XML document (esi/CustomParser.cc...

7.5CVSS7.2AI score0.08953EPSS
cve
cve
added 2009/08/18 8:41 p.m.97 views

CVE-2009-2855

CVE-2009-2855 affects Squid (notably Squid 2.7) via the strListGetItem function in src/HttpHeaderTools.c, where a crafted auth header containing certain comma delimiters can trigger an infinite loop in strcspn and cause a denial of service. Connected advisories (e.g., MiracleLinux AXSA:2010-169, ...

5CVSS6.2AI score0.36732EPSS
cve
cve
added 2014/04/14 3:0 p.m.97 views

CVE-2014-0128

CVE-2014-0128 affects Squid up to versions 3.3.12 (and 3.4.4) when SSL-Bump is enabled. An attacker can cause a denial of service (assertion failure) via a crafted range request, due to state-management issues. Safe remediation per connected advisories is to upgrade Squid to a fixed release (e.g....

5CVSS8AI score0.32862EPSS
cve
cve
added 2013/02/08 8:0 p.m.96 views

CVE-2013-0189

Squid vulnerability CVE-2013-0189 affects cachemgr.cgi in Squid 3.1.x and 3.2.x (potentially 3.1.22, 3.2.4, and other versions). The issue stems from an incomplete fix for CVE-2012-5643, possibly due to an incorrect order of arguments or incorrect comparison, allowing remote attackers to cause a ...

5CVSS6.4AI score0.23026EPSS
cve
cve
added 2015/05/18 3:0 p.m.94 views

CVE-2015-3455

Squid 3.x is affected when configured with client-first SSL-bump: it does not properly validate the domain/hostname in X.509 certificates, allowing man-in-the-middle attackers to spoof SSL servers with a valid certificate. Affected versions are Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4....

2.6CVSS7.2AI score0.11402EPSS
cve
cve
added 2014/11/26 3:0 p.m.92 views

CVE-2014-7142

The CVE-2014-7142 issue is within Squid 3.x pinger ICMP/ICMPv6 processing. A remote attacker can craft ICMP/ICMPv6 packets to cause information disclosure or a denial of service (crash). Public references show this as part of multiple ICMP-related problems in Squid’s pinger handling. Affected pro...

6.4CVSS8.1AI score0.24932EPSS
cve
cve
added 2015/02/20 11:0 a.m.91 views

CVE-2015-0881

The CVE-2015-0881 entry concerns Squid (proxy/cache server) with a vulnerability in its HTTP response handling. The issue is a CRLF injection in Squid before 3.1.1 that lets a remote attacker craft headers in a response and perform HTTP response splitting. Affected version range is Squid 0.x/1.x/...

4.3CVSS7AI score0.04507EPSS
cve
cve
added 2010/02/15 6:0 p.m.90 views

CVE-2010-0639

CVE-2010-0639 affects Squid where the function htcpHandleTstRequest in htcp.c (and htcp.cc for 3.0) can be triggered by crafting HTCP packets to the HTCP port, causing a NULL pointer dereference and a daemon crash (DoS). It affects Squid 2.x prior to 2.6.STABLE24 and 2.7 prior to 2.7.STABLE8, and...

5CVSS6.3AI score0.30558EPSS
cve
cve
added 2014/11/26 3:0 p.m.90 views

CVE-2014-7141

CVE-2014-7141 is a vulnerability in the Squid 3.x pinger ICMP processing that can allow a remote attacker to obtain sensitive information or cause a denial of service via a crafted ICMP/ICMPv6 packet, resulting in an out-of-bounds read and crash. The OpenVAS entries and multiple vendor advisories...

6.4CVSS8.1AI score0.76064EPSS
cve
cve
added 2016/04/19 9:0 p.m.90 views

CVE-2016-2390

CVE-2016-2390 affects Squid up to 3.5.14 and 4.0.x up to 4.0.6 where FwdState::connectedToPeer mishandles SSL handshake errors when built with --with-openssl, enabling remote DoS via a plaintext HTTP message. Remediation is to upgrade to Squid 3.5.14+ and 4.0.6+ (or apply vendor-specific security...

5.9CVSS5.6AI score0.2555EPSS
cve
cve
added 2010/02/03 6:0 p.m.85 views

CVE-2010-0308

CVE-2010-0308 affects Squid legacy releases: lib/rfc1035.c in Squid 2.x, 3.0–3.0.STABLE22, and 3.1–3.1.0.15 is vulnerable to a remote denial-of-service via a crafted DNS packet containing only a header. The vulnerability is triggered by processing such DNS headers, causing an assertion failure in...

4CVSS6.1AI score0.22858EPSS
cve
cve
added 2016/02/27 2:0 a.m.81 views

CVE-2016-2572

CVE-2016-2572 affects Squid with http.cc in 4.x before 4.0.7. Root cause: after a response-parsing failure, Squid relies on the HTTP status code, enabling remote HTTP servers to trigger a denial of service (assertion failure and daemon exit) via a malformed response. Public advisories (e.g., Mira...

7.5CVSS7.3AI score0.10154EPSS
cve
cve
added 2009/07/28 5:0 p.m.80 views

CVE-2009-2622

CVE-2009-2622 affects Squid 3.0–3.0.STABLE16 and 3.1–3.1.0.11, enabling remote DoS via malformed HTTP requests (issues in HttpMsg.cc and HttpReply.cc). The vulnerability is confirmed by multiple advisories (GLSA 201110-24, openSUSE/openVAS entries) and is listed among other related CVEs (e.g., CV...

5CVSS6.4AI score0.56908EPSS
Total number of security vulnerabilities109