Squid@3.0 Security Vulnerabilities and Issues — Squid@3.0 CVE List

Lucene search

Squid-cacheSquid3.0

18 matches found

CVE•added 2016/04/25 2:59 p.m.•183 views

CVE-2016-4054

Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.

8.1CVSS8.7AI score0.77003EPSS

CVE•added 2011/11/17 7:55 p.m.•141 views

CVE-2011-4096

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

5CVSS8.1AI score0.6249EPSS

CVE•added 2009/07/28 5:30 p.m.•138 views

CVE-2009-2621

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_si...

5CVSS6.4AI score0.23562EPSS

CVE•added 2016/04/25 2:59 p.m.•138 views

CVE-2016-4051

Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.

8.8CVSS8.8AI score0.05513EPSS

CVE•added 2016/04/25 2:59 p.m.•126 views

CVE-2016-4052

Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.

8.1CVSS8.5AI score0.13625EPSS

CVE•added 2016/05/10 7:59 p.m.•111 views

CVE-2016-4556

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

7.5CVSS7.5AI score0.56857EPSS

CVE•added 2016/04/25 2:59 p.m.•108 views

CVE-2016-4053

Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.

4.3CVSS5.8AI score0.09506EPSS

CVE•added 2016/05/10 7:59 p.m.•105 views

CVE-2016-4555

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.

7.5CVSS7.5AI score0.68924EPSS

CVE•added 2012/12/20 12:2 p.m.•100 views

CVE-2012-5643

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authent...

5CVSS8.3AI score0.39326EPSS

CVE•added 2014/09/12 2:55 p.m.•97 views

CVE-2014-6270

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

6.8CVSS8.4AI score0.19915EPSS

CVE•added 2016/02/27 5:59 a.m.•90 views

CVE-2016-2571

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

7.5CVSS7.2AI score0.22992EPSS

CVE•added 2016/02/27 5:59 a.m.•86 views

CVE-2016-2569

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

7.5CVSS7.1AI score0.74153EPSS

CVE•added 2016/04/07 6:59 p.m.•85 views

CVE-2016-3948

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.

7.5CVSS7.2AI score0.59748EPSS

CVE•added 2010/02/15 6:30 p.m.•72 views

CVE-2010-0639

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.

5CVSS6.3AI score0.56162EPSS

CVE•added 2016/02/27 5:59 a.m.•71 views

CVE-2016-2570

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/C...

7.5CVSS7.2AI score0.09233EPSS

CVE•added 2009/07/28 5:30 p.m.•67 views

CVE-2009-2622

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," rel...

5CVSS6.4AI score0.26189EPSS

CVE•added 2010/02/03 6:30 p.m.•67 views

CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

4CVSS6.1AI score0.19076EPSS

CVE•added 2010/09/20 9:0 p.m.•49 views

CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

5CVSS6.2AI score0.79499EPSS