Squid@5.0 Security Vulnerabilities and Issues — Squid@5.0 CVE List

Lucene search

Squid-cacheSquid5.0

8 matches found

CVE•added 2021/05/27 12:15 p.m.•473 views

CVE-2021-28651

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a l...

7.5CVSS7.3AI score0.0338EPSS

CVE•added 2021/05/27 12:15 p.m.•341 views

CVE-2021-28652

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query...

4.9CVSS5.9AI score0.003EPSS

CVE•added 2021/06/08 8:15 p.m.•325 views

CVE-2021-31807

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious inte...

6.5CVSS6.8AI score0.37332EPSS

CVE•added 2021/05/27 1:15 p.m.•306 views

CVE-2021-31806

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.

6.5CVSS6.7AI score0.73684EPSS

CVE•added 2021/05/27 12:15 p.m.•295 views

CVE-2021-28662

An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.

6.5CVSS6.7AI score0.08921EPSS

CVE•added 2021/03/09 10:15 p.m.•291 views

CVE-2021-28116

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

5.3CVSS5.8AI score0.04628EPSS

CVE•added 2021/05/28 12:15 p.m.•258 views

CVE-2021-33620

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.

6.5CVSS6.5AI score0.0315EPSS

CVE•added 2021/05/27 2:15 p.m.•248 views

CVE-2021-31808

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.

6.5CVSS6.6AI score0.00267EPSS