Squid Security Vulnerabilities and Issues — Squid CVE List

Lucene search

Squid-cacheSquid

4 matches found

CVE•added 2010/02/15 6:30 p.m.•72 views

CVE-2010-0639

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.

5CVSS6.3AI score0.49372EPSS

CVE•added 2010/02/03 6:30 p.m.•67 views

CVE-2010-0308

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

4CVSS6.1AI score0.16448EPSS

CVE•added 2010/10/12 9:0 p.m.•52 views

CVE-2010-2951

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.

5CVSS6.5AI score0.45622EPSS

CVE•added 2010/09/20 9:0 p.m.•49 views

CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

5CVSS6.2AI score0.72344EPSS