Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Squid-cache Subscribe
Filtered by product Squid
Total 88 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4123 2 Opensuse, Squid-cache 2 Opensuse, Squid 2018-10-30 5.0 MEDIUM N/A
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
CVE-2005-0211 2 Debian, Squid-cache 2 Debian Linux, Squid 2018-10-12 7.5 HIGH N/A
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
CVE-2016-2571 1 Squid-cache 1 Squid 2018-03-15 5.0 MEDIUM 7.5 HIGH
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2570 1 Squid-cache 1 Squid 2018-03-15 5.0 MEDIUM 7.5 HIGH
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
CVE-2016-2569 1 Squid-cache 1 Squid 2018-03-15 5.0 MEDIUM 7.5 HIGH
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
CVE-2016-3948 1 Squid-cache 1 Squid 2018-03-15 5.0 MEDIUM 7.5 HIGH
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
CVE-2016-2572 1 Squid-cache 1 Squid 2018-01-04 5.0 MEDIUM 7.5 HIGH
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-10002 2 Debian, Squid-cache 2 Debian Linux, Squid 2018-01-04 5.0 MEDIUM 7.5 HIGH
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
CVE-2015-5400 3 Debian, Fedoraproject, Squid-cache 3 Debian Linux, Fedora, Squid 2017-09-21 6.8 MEDIUM N/A
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
CVE-2010-0308 1 Squid-cache 1 Squid 2017-09-18 4.0 MEDIUM N/A
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
CVE-2009-2855 1 Squid-cache 1 Squid 2017-09-18 5.0 MEDIUM N/A
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
CVE-2014-6270 2 Oracle, Squid-cache 2 Solaris, Squid 2017-09-07 6.8 MEDIUM N/A
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
CVE-2016-10003 1 Squid-cache 1 Squid 2017-02-27 5.0 MEDIUM 7.5 HIGH
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
CVE-2014-3609 1 Squid-cache 1 Squid 2017-01-06 5.0 MEDIUM N/A
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
CVE-2016-4052 2 Canonical, Squid-cache 2 Ubuntu Linux, Squid 2016-11-29 6.8 MEDIUM 8.1 HIGH
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-3947 2 Canonical, Squid-cache 2 Ubuntu Linux, Squid 2016-11-28 7.5 HIGH 8.2 HIGH
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
CVE-2016-2390 1 Squid-cache 1 Squid 2016-11-28 4.3 MEDIUM 5.9 MEDIUM
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
CVE-2014-7142 3 Canonical, Oracle, Squid-cache 3 Ubuntu Linux, Solaris, Squid 2016-11-28 6.4 MEDIUM N/A
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
CVE-2014-7141 1 Squid-cache 1 Squid 2016-11-28 6.4 MEDIUM N/A
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
CVE-2011-4096 1 Squid-cache 1 Squid 2016-11-28 5.0 MEDIUM N/A
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.