Squid Security Vulnerabilities and Issues — Squid CVE List

Lucene search

Squid-cacheSquid

3 matches found

CVE•added 2022/07/17 10:15 p.m.•390 views

CVE-2021-46784

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

6.5CVSS6.6AI score0.08055EPSS

CVE•added 2022/12/25 7:15 p.m.•244 views

CVE-2022-41318

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a cl...

8.6CVSS7.8AI score0.00153EPSS

CVE•added 2022/12/25 7:15 p.m.•229 views

CVE-2022-41317

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

6.5CVSS6.8AI score0.01389EPSS