Vulnerabilities related to squid-cache - squid
Vulnerability from fkie_nvd
Published
2016-04-25 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { 
criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*", matchCriteriaId: "0B218819-0975-4E1F-8F6C-D666655937B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*", matchCriteriaId: "594A05FF-E5D2-4132-BF03-44D6866D8133", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*", matchCriteriaId: "3B22C192-02F2-4AD4-A305-BADCC09E8075", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: "ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, 
{ criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*", matchCriteriaId: "76245991-1D91-4475-87E1-FBB77A1B3CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "1BBC5AAD-34E1-48A5-972A-A09D66EFE825", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "79E26DC8-1030-4F3F-96B9-6BF159D86FCE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*", matchCriteriaId: "3441D193-DA62-4AC1-8E50-3AEEF8C659F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: "21E9E155-FC6F-46E7-8BF7-65DF097409D3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "26A3F10F-938E-44D6-845D-B66EF9812C21", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*", matchCriteriaId: "B1D82EEE-F65E-4657-B0F7-6CE33D219134", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "C9E6A845-B67C-4112-8240-9F61D6AF3B0D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*", matchCriteriaId: "4BEDD7E3-E263-4A09-9C11-3E008E01BC28", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*", matchCriteriaId: "80E3FF16-A6CD-456C-B58A-381A75D8616C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*", matchCriteriaId: "87D02AB2-AA26-4416-B689-02C5EEF2099C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*", matchCriteriaId: "A134E1F1-AFCC-498B-8840-5884CF858769", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*", matchCriteriaId: "D5F4E7D0-B6F4-476E-A011-55619E91A3B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*", matchCriteriaId: "95588755-27E8-4DB7-B865-A784D3638FE8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*", matchCriteriaId: "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", matchCriteriaId: "0F90E11F-FC03-46D9-A9C4-A578196D59D8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*", matchCriteriaId: "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*", matchCriteriaId: "EBEE374C-365E-49DE-A9F9-6083044C774D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.", }, { lang: "es", value: "Múltiples desbordamientos de buffer basado en pila en Squid 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 permiten a servidores HTTP remotos provocar una denegación de servicio o ejecutar código arbitrario a través de respuestas Edge Side Includes (ESI) manipuladas.", }, ], id: "CVE-2016-4052", lastModified: "2024-11-21T02:51:14.673", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", 
attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-25T14:59:03.313", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "cve@mitre.org", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/86788", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035647", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { 
source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/86788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to a URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker-controlled data overflowing in the heap.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A278895E-7005-4F4B-8649-A013F60E33D4", versionEndIncluding: "4.8", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { 
criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.9. El manejo de respuesta URN en Squid sufre de un desbordamiento de búfer en la región heap de la memoria. Cuando se reciben datos desde un servidor remoto en respuesta a una petición URN, Squid no se asegura de que la respuesta pueda caber dentro del búfer. Esto conlleva al desbordamiento de datos controlados por el atacante en la pila.", }, ], id: "CVE-2019-12526", lastModified: "2024-11-21T04:23:02.443", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, 
source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T17:15:10.843", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156326", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156326", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-07-28 17:30
Modified
2024-11-21 01:05
Severity ?
Summary
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.1 | |
squid-cache | squid | 3.1.0.1 | |
squid-cache | squid | 3.1.0.2 | |
squid-cache | squid | 3.1.0.3 | |
squid-cache | squid | 3.1.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre1:*:*:*:*:*", matchCriteriaId: "CF9C0078-D06B-4174-AF2C-599638E5B29D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre2:*:*:*:*:*", matchCriteriaId: "F1DD47BA-EA59-4DCC-BFF3-2DF0BC332CBB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre3:*:*:*:*:*", matchCriteriaId: "2BC1746D-BE02-4D04-B31D-95589EBD4C93", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre4:*:*:*:*:*", matchCriteriaId: "62C35710-215C-4B80-9304-665451F3C0AB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre5:*:*:*:*:*", matchCriteriaId: "76A7416C-64B2-4F52-93FD-9C504B7D4F40", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre6:*:*:*:*:*", matchCriteriaId: "17D51261-2071-4E8F-AD75-2ECCBE7F7C04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre7:*:*:*:*:*", matchCriteriaId: "ACD9E084-007E-4C6A-8D30-2DC9B355D7B5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable1:*:*:*:*:*", matchCriteriaId: "95912E0D-FACF-459B-94FB-334FDBCC292B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable10:*:*:*:*:*", matchCriteriaId: "2C455506-7FBF-4F0E-92E7-F074B74C10D7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable11:*:*:*:*:*", matchCriteriaId: "67288E3E-88BF-44CE-84EF-1BF98E8C38CA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable12:*:*:*:*:*", matchCriteriaId: "B428BDA9-8C83-4DE3-9391-17AFD5D750BB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable13:*:*:*:*:*", matchCriteriaId: "DC57EAB8-BFEF-4FE2-8ADB-D196EAE3E51D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable14:*:*:*:*:*", matchCriteriaId: "935F2BDE-7F76-4E13-8318-37CE97B7948F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable15:*:*:*:*:*", matchCriteriaId: 
"354599A2-5FCF-4F5A-85AE-00505D32B9BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable2:*:*:*:*:*", matchCriteriaId: "1F1BC7B9-9CD1-42E9-84BB-BEE3668BAAA6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable3:*:*:*:*:*", matchCriteriaId: "88E3716B-863A-40D4-A7D9-F2A288B87394", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable4:*:*:*:*:*", matchCriteriaId: "02FB3C5B-95F1-4839-8F68-649AFA2FEB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable5:*:*:*:*:*", matchCriteriaId: "631CBA69-B2A1-4522-A330-6A87CCBC682C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable6:*:*:*:*:*", matchCriteriaId: "0FE7885D-D1EB-4543-B342-80BC645EE8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable7:*:*:*:*:*", matchCriteriaId: "B7C4AE0E-9608-4D24-8EA3-0F33A5D95A5E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable8:*:*:*:*:*", matchCriteriaId: "628344A8-42AE-4AD7-89A2-66711490AB30", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable9:*:*:*:*:*", matchCriteriaId: "3260A290-9F63-4E5C-BEF2-015E9491AD18", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc1:stable11:*:*:*:*:*", matchCriteriaId: "4F830353-C4E4-4DAF-B7ED-1B0BAE9F3253", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", 
matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc.", }, { lang: "es", value: "Squid desde v3.0 hasta v3.0.STABLE16 y desde v3.1 hasta v3.1.0.11 permite a atacantes remotos producir una denegación de servicio a través de peticiones mal formadas que incluyen (1) \"identificador de protocolo perdido o mal utilizado,\" (2) \"valor de estatus perdido o negativo,\" (3) \"versión perdida,\" o (4) \"número de estatus perdido o inválido\", relacionado con HttpMsg.cc y (b) HttpReply.cc.", }, ], id: "CVE-2009-2622", lastModified: "2024-11-21T01:05:19.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-07-28T17:30:01.127", references: [ { source: "cret@cert.org", url: "http://secunia.com/advisories/36007", }, { source: "cret@cert.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { source: "cret@cert.org", url: 
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, { source: "cret@cert.org", url: "http://www.securityfocus.com/bid/35812", }, { source: "cret@cert.org", url: "http://www.securitytracker.com/id?1022607", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { source: "cret@cert.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2009/2013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/36007", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/35812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1022607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/2013", }, ], sourceIdentifier: "cret@cert.org", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5.", lastModified: "2009-08-06T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-06 18:15
Modified
2024-11-21 08:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses that trigger this bug can be received from any gopher server, even one without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "4205423B-C18E-4565-867C-BF885D21DF03", versionEndExcluding: "6.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché para la Web que admite HTTP, HTTPS, FTP y más. Debido a un bug de desreferencia de NULL pointer, Squid es vulnerable a un ataque de Denegación de Servicio contra la puerta de enlace Gopher de Squid. El protocolo Gopher siempre está disponible y habilitado en Squid antes de Squid 6.0.1. Es posible recibir respuestas que desencadenen este error desde cualquier servidor Gopher, incluso aquellos sin intenciones maliciosas. La compatibilidad con Gopher se eliminó en la versión 6.0.1 de Squid. Se recomienda a los usuarios que actualicen. 
Los usuarios que no puedan actualizar deben rechazar todas las solicitudes de URL de Gopher.", }, ], id: "CVE-2023-46728", lastModified: "2024-11-21T08:29:10.403", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-06T18:15:08.637", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20231214-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], 
url: "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20231214-0006/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-11-06 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 3.4.4 | |
squid-cache | squid | 3.4.5 | |
squid-cache | squid | 3.4.6 | |
squid-cache | squid | 3.4.7 | |
squid-cache | squid | 3.4.8 | |
squid-cache | squid | 3.4.9 | |
squid-cache | squid | 3.4.10 | |
squid-cache | squid | 3.4.11 | |
squid-cache | squid | 3.4.12 | |
squid-cache | squid | 3.4.13 | |
squid-cache | squid | 3.5.0.1 | |
squid-cache | squid | 3.5.0.2 | |
squid-cache | squid | 3.5.0.3 | |
squid-cache | squid | 3.5.0.4 | |
squid-cache | squid | 3.5.1 | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*", matchCriteriaId: "5332A8F5-8F97-465B-AF24-2FEF0B055006", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*", matchCriteriaId: "6567D19B-DF18-4C52-984A-591524A83AD5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*", matchCriteriaId: "06832CD3-C761-4941-AFAB-822477C568F6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: 
"6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", matchCriteriaId: "A10BC294-9196-425F-9FB0-B1625465B47F", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", matchCriteriaId: "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\"", }, { lang: "es", value: "Squid 3.4.4 hasta la versión 3.4.11 y 3.5.0.1 hasta la versión 3.5.1, cuando es utilizada la autenticación Digest, permiten a usuarios remotos autenticados retener el acceso aprovechando un nonce caducado, también conocido como 'Nonce replay vulnerability'.", }, ], id: "CVE-2014-9749", lastModified: "2024-11-21T02:21:34.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-11-06T21:59:00.123", references: [ { source: "cve@mitre.org", url: "http://bugs.squid-cache.org/show_bug.cgi?id=4066", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html", }, { source: 
"cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/10/01/1", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/10/11/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/10/12/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.squid-cache.org/show_bug.cgi?id=4066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/10/01/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/10/11/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/10/12/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid through 4.7. When ESI is enabled and Squid handles the esi:when tag, it calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, the function can either evaluate the top of the stack or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 | |
opensuse | leap | 15.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FDF78DA3-A197-41B0-B5CB-E89457D37375", versionEndIncluding: "4.10", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "306640BC-6B06-4BEE-BB6E-B7B3A4613DDC", versionEndIncluding: "5.0.1", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7. 
When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.", }, { lang: "es", value: "Se detectó un problema en Squid versiones hasta 4.7. Cuando se maneja la etiqueta esi:when cuando ESI está habilitado, Squid llama a la función ESIExpression::Evaluate. Esta función usa un búfer de pila fijado para contener la expresión mientras se está evaluando. Cuando de procesa la expresión, podría evaluar la parte superior de la pila o agregar un nuevo miembro en la pila. Cuando se agrega un nuevo miembro, no se realiza ninguna comprobación para asegurar que la pila no se desborde.", }, ], id: "CVE-2019-12519", lastModified: "2024-11-21T04:23:01.190", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T20:15:13.473", 
references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-05", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4356-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-05", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4356-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-04 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
opensuse | leap | 15.1 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "CCB84835-9A10-4970-8A4B-6467A2BD4FCB", versionEndExcluding: "4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.10. 
Debido a una administración del búfer incorrecta, un cliente remoto puede causar un desbordamiento del búfer en una instancia de Squid que actúa como un proxy inverso.", }, ], id: "CVE-2020-8450", lastModified: "2024-11-21T05:38:52.967", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-04T20:15:14.777", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4289-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4289-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-131", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 23:15
Modified
2024-11-21 08:33
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a buffer over-read bug, Squid is vulnerable to a denial-of-service attack against its HTTP message processing. This bug is fixed in Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "64A6EFAB-804C-4B6B-B609-2F5A797EACB0", versionEndIncluding: "6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché para la Web que admite HTTP, HTTPS, FTP y más. Debido a un error de sobrelectura del búfer, Squid es vulnerable a un ataque de denegación de servicio contra el procesamiento de mensajes HTTP de Squid. Este error se solucionó con la versión 6.5 de Squid. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.", }, ], id: "CVE-2023-49285", lastModified: "2024-11-21T08:33:11.207", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", 
type: "Primary", }, ], }, published: "2023-12-04T23:15:27.007", references: [ { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch", }, { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9", }, { source: "security-advisories@github.com", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20240119-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240119-0004/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-126", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-02-15 18:30
Modified
2024-11-21 01:12
Severity ?
Summary
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 2.0 | |
squid-cache | squid | 2.1 | |
squid-cache | squid | 2.2 | |
squid-cache | squid | 2.3 | |
squid-cache | squid | 2.4 | |
squid-cache | squid | 2.5 | |
squid-cache | squid | 2.6 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0.stable1 | |
squid-cache | squid | 3.0.stable2 | |
squid-cache | squid | 3.0.stable3 | |
squid-cache | squid | 3.0.stable4 | |
squid-cache | squid | 3.0.stable5 | |
squid-cache | squid | 3.0.stable6 | |
squid-cache | squid | 3.0.stable7 | |
squid-cache | squid | 3.0.stable8 | |
squid-cache | squid | 3.0.stable9 | |
squid-cache | squid | 3.0.stable11 | |
squid-cache | squid | 3.0.stable12 | |
squid-cache | squid | 3.0.stable13 | |
squid-cache | squid | 3.0.stable14 | |
squid-cache | squid | 3.0.stable15 | |
squid-cache | squid | 3.0.stable16 | |
squid-cache | squid | 3.0.stable17 | |
squid-cache | squid | 3.0.stable18 | |
squid-cache | squid | 3.0.stable19 | |
squid-cache | squid | 3.0.stable20 | |
squid-cache | squid | 3.0.stable21 | |
squid-cache | squid | 3.0.stable22 | |
squid-cache | squid | 3.0.stable23 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*", matchCriteriaId: "C3DCC264-510E-43D1-9C13-99CEA54C7940", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*", matchCriteriaId: "ED31C038-4142-4C2C-B540-9223C5C199FB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*", matchCriteriaId: "177060A9-6211-4B6D-96BE-48B4BD1FAFEE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*", matchCriteriaId: "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*", matchCriteriaId: "50327E36-756E-434D-804D-1E44A4ABAE1F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*", matchCriteriaId: "3AE100C3-0245-4305-B514-77D0572C2947", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*", matchCriteriaId: "35C30CB9-FA3A-408D-A8B0-8805E75657BE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: 
"3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: "86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.", }, { lang: "es", value: "La función htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versión 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versión 3.0 anterior a 3.0.STABLE24, permite que los atacantes remotos causen una denegación de servicio (desreferencia de puntero NULL y bloqueo del demonio) por medio de paquetes creados hacia el puerto HTCP.", }, ], evaluatorComment: "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n'NULL Pointer Dereference'", id: "CVE-2010-0639", lastModified: "2024-11-21T01:12:38.073", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", 
availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-02-15T18:30:00.893", references: [ { source: "cve@mitre.org", url: "http://bugs.squid-cache.org/show_bug.cgi?id=2858", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html", }, { source: "cve@mitre.org", url: "http://osvdb.org/62297", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/38812", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/38212", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1023587", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0371", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0603", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.squid-cache.org/show_bug.cgi?id=2858", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/62297", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/38812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/38212", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1023587", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0371", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0603", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Those versions are not compiled with the support for HTCP protocol.", lastModified: "2010-02-16T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A278895E-7005-4F4B-8649-A013F60E33D4", versionEndIncluding: "4.8", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, 
], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.9. Cuando se maneja una petición URN, es realizada una petición HTTP correspondiente. Esta petición HTTP no pasa por las comprobaciones de acceso por las que pasan las peticiones HTTP entrantes. 
Esto causa que se omitan todas las comprobaciones de acceso y permite el acceso a servidores HTTP restringidos, por ejemplo, un atacante puede conectar con servidores HTTP que solo escuchan en localhost.", }, ], id: "CVE-2019-12523", lastModified: "2024-11-21T04:23:01.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T17:15:10.767", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4446-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4446-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-09-28 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
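Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. Note that the CPE match data listed below for this entry ends at Squid 3.5.2 (inclusive), which is narrower than the "before 3.5.6" range stated here, so inventory matching that relies on the CPE range alone can miss releases between 3.5.2 and 3.5.6.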
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 22 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "D573DBDF-0CB4-438C-B0B0-11DFD3D8DF7A", versionEndIncluding: "3.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.", }, { lang: "es", value: "Vulnerabilidad en Squid en versiones anteriores a 3.5.6, no maneja adecuadamente las respuestas de pares del método CONNECT cuando se configura con cache_peer, lo que permite a atacantes remotos eludir las restricciones previstas y obtener acceso a un proxy backend a través de una solicitud CONNECT.", }, ], id: "CVE-2015-5400", lastModified: "2024-11-21T02:32:56.640", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", 
userInteractionRequired: false, }, ], }, published: "2015-09-28T20:59:03.280", references: [ { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2015/dsa-3327", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/07/06/8", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/07/09/12", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2015/07/10/2", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.openwall.com/lists/oss-security/2015/07/17/14", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/75553", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1032873", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch", }, { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/07/06/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/07/09/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2015/07/10/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.openwall.com/lists/oss-security/2015/07/17/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/75553", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1032873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, 
], }
Vulnerability from fkie_nvd
Published
2020-09-02 17:15
Modified
2024-11-21 05:06
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "4A9D1D4D-25A3-4B02-86CA-CCC939C70E44", versionEndExcluding: "4.13", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "84BC35EF-F998-4114-BF16-E77078504004", versionEndExcluding: "5.0.4", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: 
"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4. Debido a la comprobación de datos incorrecta, los ataques de División de Peticiones HTTP pueden tener éxito contra el tráfico HTTP y HTTPS. Esto conlleva al envenenamiento de la caché. Esto permite a cualquier cliente, incluyendo los scripts del navegador, omitir la seguridad local y envenenar la caché del navegador y cualquier caché aguas abajo con contenido de una fuente arbitraria. Squid usa una búsqueda de cadenas en lugar de analizar el encabezado Transfer-Encoding para encontrar codificación fragmentada. Esto permite a un atacante ocultar una segunda petición dentro de Transfer-Encoding: Squid la interpreta como fragmentada y dividida en una segunda petición entregada en sentido ascendente. 
Squid luego entregará dos respuestas distintas al cliente, corrompiendo cualquier caché aguas abajo", }, ], id: "CVE-2020-15811", lastModified: "2024-11-21T05:06:13.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-02T17:15:11.687", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4477-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4551-1/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4477-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4551-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4751", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-697", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-02 17:15
Modified
2024-11-21 05:06
Severity
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "4A9D1D4D-25A3-4B02-86CA-CCC939C70E44", versionEndExcluding: "4.13", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "84BC35EF-F998-4114-BF16-E77078504004", versionEndExcluding: "5.0.4", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { criteria: 
"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4. Debido a una comprobación de datos incorrecta, los ataques de Contrabando de Peticiones HTTP pueden tener éxito contra el tráfico HTTP y HTTPS. Esto conlleva a un envenenamiento de la caché. Esto permite a cualquier cliente, incluyendo los scripts del navegador, omitir la seguridad local y envenenar el caché del proxy y cualquier caché aguas abajo con contenido de una fuente arbitraria. Cuando es configurado para un análisis de encabezado relajado (el valor predeterminado), Squid transmite encabezados que contienen caracteres de espacio en blanco hacia los servidores aguas arriba. 
Cuando esto ocurre como un prefijo en un encabezado Content-Length, Squid ignorará la longitud de trama especificada (permitiendo usar una longitud conflictiva desde otro encabezado Content-Length) pero se retransmitirá aguas arriba", }, ], id: "CVE-2020-15810", lastModified: "2024-11-21T05:06:13.550", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-02T17:15:11.627", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { source: 
"cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4477-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4551-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4477-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4551-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4751", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-444", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-28 12:15
Modified
2024-11-21 06:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue is triggered by a header that can be expected to appear in ordinary HTTP traffic, so no malicious intent by the server is required.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "32AC0EE8-444B-447A-98E9-C22F82A6203C", versionEndExcluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "68801A75-0B13-444A-B88F-8BDD4EE953D3", versionEndExcluding: "5.0.6", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.", }, { lang: "es", value: "Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6, permite a servidores remotos causar una denegación de servicio (afectando la disponibilidad para todos los clientes) por medio de una respuesta HTTP. 
El desencadenante del problema es un encabezado que puede esperarse que se presente en el tráfico HTTP sin ninguna intención maliciosa por parte del servidor", }, ], id: "CVE-2021-33620", lastModified: "2024-11-21T06:09:12.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-28T12:15:07.697", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: 
"cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2024-11-21 02:52
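Severity: HIGH (CVSS v3.0 base score 7.5, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); MEDIUM under CVSS v2.0 (base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P)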
Summary
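Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. The record's evaluator comment identifies the weakness as CWE-415 (Double Free), while its weaknesses field lists only NVD-CWE-Other, so a search keyed on the CWE-415 identifier in the weaknesses field will not return this entry.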
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: 
"8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: 
"78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*", matchCriteriaId: "0B218819-0975-4E1F-8F6C-D666655937B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*", matchCriteriaId: "594A05FF-E5D2-4132-BF03-44D6866D8133", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*", matchCriteriaId: "3B22C192-02F2-4AD4-A305-BADCC09E8075", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: 
"ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: 
"C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", 
matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", 
matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*", matchCriteriaId: "76245991-1D91-4475-87E1-FBB77A1B3CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: 
"E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "1BBC5AAD-34E1-48A5-972A-A09D66EFE825", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "79E26DC8-1030-4F3F-96B9-6BF159D86FCE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*", matchCriteriaId: 
"3441D193-DA62-4AC1-8E50-3AEEF8C659F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: "21E9E155-FC6F-46E7-8BF7-65DF097409D3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "26A3F10F-938E-44D6-845D-B66EF9812C21", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*", matchCriteriaId: "B1D82EEE-F65E-4657-B0F7-6CE33D219134", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "C9E6A845-B67C-4112-8240-9F61D6AF3B0D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*", matchCriteriaId: "4BEDD7E3-E263-4A09-9C11-3E008E01BC28", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*", matchCriteriaId: "80E3FF16-A6CD-456C-B58A-381A75D8616C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*", matchCriteriaId: 
"87D02AB2-AA26-4416-B689-02C5EEF2099C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*", matchCriteriaId: "A134E1F1-AFCC-498B-8840-5884CF858769", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*", matchCriteriaId: "D5F4E7D0-B6F4-476E-A011-55619E91A3B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*", matchCriteriaId: "95588755-27E8-4DB7-B865-A784D3638FE8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*", matchCriteriaId: "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", matchCriteriaId: "0F90E11F-FC03-46D9-A9C4-A578196D59D8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*", matchCriteriaId: "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.17:*:*:*:*:*:*:*", matchCriteriaId: "CA0BDDAD-2912-480F-8911-8FF94E1A7415", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*", matchCriteriaId: "EBEE374C-365E-49DE-A9F9-6083044C774D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*", matchCriteriaId: "1B6B2A8E-DD81-43CD-9F5B-E8F87498E513", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.", }, { lang: "es", value: "Vulnerabilidad de liberación doble de memoria en Esi.cc en Squid 3.x en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 permite a servidores remotos provocar una denegación de servicio (caída) a través de una respuesta Edge Side Includes (ESI) manipulada.", }, 
], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/415.html\">CWE-415: Double Free</a>", id: "CVE-2016-4556", lastModified: "2024-11-21T02:52:28.533", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-10T19:59:03.387", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1035770", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1035770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-25 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { 
criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*", matchCriteriaId: "0B218819-0975-4E1F-8F6C-D666655937B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*", matchCriteriaId: "594A05FF-E5D2-4132-BF03-44D6866D8133", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*", matchCriteriaId: "3B22C192-02F2-4AD4-A305-BADCC09E8075", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: "ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, 
{ criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*", matchCriteriaId: "76245991-1D91-4475-87E1-FBB77A1B3CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "1BBC5AAD-34E1-48A5-972A-A09D66EFE825", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "79E26DC8-1030-4F3F-96B9-6BF159D86FCE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*", matchCriteriaId: "3441D193-DA62-4AC1-8E50-3AEEF8C659F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: "21E9E155-FC6F-46E7-8BF7-65DF097409D3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "26A3F10F-938E-44D6-845D-B66EF9812C21", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*", matchCriteriaId: "B1D82EEE-F65E-4657-B0F7-6CE33D219134", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "C9E6A845-B67C-4112-8240-9F61D6AF3B0D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*", matchCriteriaId: "4BEDD7E3-E263-4A09-9C11-3E008E01BC28", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*", matchCriteriaId: "80E3FF16-A6CD-456C-B58A-381A75D8616C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*", matchCriteriaId: "87D02AB2-AA26-4416-B689-02C5EEF2099C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*", matchCriteriaId: "A134E1F1-AFCC-498B-8840-5884CF858769", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*", matchCriteriaId: "D5F4E7D0-B6F4-476E-A011-55619E91A3B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*", matchCriteriaId: "95588755-27E8-4DB7-B865-A784D3638FE8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*", matchCriteriaId: "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", matchCriteriaId: "0F90E11F-FC03-46D9-A9C4-A578196D59D8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*", matchCriteriaId: "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*", matchCriteriaId: "EBEE374C-365E-49DE-A9F9-6083044C774D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.", }, { lang: "es", value: "Desbordamiento de buffer en Squid 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 permite a atacantes remotos ejecutar código arbitrario a través de respuestas Edge Side Includes (ESI) manipuladas.", }, ], id: "CVE-2016-4054", lastModified: "2024-11-21T02:51:15.140", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, 
obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-25T14:59:05.487", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/86788", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035647", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "cve@mitre.org", url: 
"https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/86788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-30 18:15
Modified
2024-11-21 05:04
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+", "-" or an uncommon shell whitespace character prefix to the length field-value.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
fedoraproject | fedora | 31 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "357FB8EB-55D7-40D8-918A-F8F2C1B6182A", versionEndIncluding: "2.6", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "E3828B8E-1FF7-4707-BB24-6C7CABC37362", versionEndIncluding: "3.5.28", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "C3430B4A-4E1E-438D-9C84-4CFED6A3F023", versionEndExcluding: "4.12", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "137B599B-80D1-4903-8791-40F11BC3FCD9", versionEndExcluding: "5.0.3", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*", matchCriteriaId: "35C30CB9-FA3A-408D-A8B0-8805E75657BE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*", matchCriteriaId: "EFBB466C-C679-4B4B-87C2-E7853E5B3F04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*", matchCriteriaId: "3CF6E367-D33B-4B60-8C40-4618C47D53E8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*", matchCriteriaId: "0FA1F4FE-629C-4489-A13C-017A824C840F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*", matchCriteriaId: "2479C5BF-94E1-4153-9FA3-333BC00F01D6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*", matchCriteriaId: "8ABFCCCC-7584-466E-97CC-6EBD3934A70E", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*", matchCriteriaId: "F17E49BF-FB11-4EE6-B6AC-30914F381B2F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value.", }, { lang: "es", value: "Se detectó un problema en el archivo http/ContentLengthInterpreter.cc en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Un ataque de Trafico No Autorizado de Peticiones y Envenenamiento puede tener éxito contra la memoria caché HTTP. 
El cliente envía una petición HTTP con un encabezado Content-Length que contiene \"+\\\"-\" o un prefijo del carácter espacio en blanco de shell poco común en el valor de campo de longitud", }, ], id: "CVE-2020-15049", lastModified: "2024-11-21T05:04:41.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 6, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-30T18:15:12.367", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Patch", 
"Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4551-1/", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2020/dsa-4732", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4551-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2020/dsa-4732", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-444", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-14 21:15
Modified
2025-01-09 13:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
netapp | bluexp | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "D809589D-9661-408B-9A8F-3B878B10518F", versionEndExcluding: "6.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", matchCriteriaId: "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 ", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché de código abierto para la Web que admite HTTP, HTTPS, FTP y más. Debido a un error de colapso de datos en valor inseguro, Squid puede ser vulnerable a un ataque de denegación de servicio contra el análisis de encabezados HTTP. Este problema permite que un cliente remoto o un servidor remoto realice una Denegación de Servicio al enviar encabezados de gran tamaño en mensajes HTTP. 
En versiones de Squid anteriores a la 6.5, esto se puede lograr si las configuraciones request_header_max_size o Reply_header_max_size no se modifican con respecto a las predeterminadas. En la versión 6.5 y posteriores de Squid, la configuración predeterminada de estos parámetros es segura. Squid emitirá una advertencia crítica en cache.log si el administrador configura estos parámetros en valores no seguros. Squid no impedirá en este momento que estas configuraciones se cambien a valores inseguros. Se recomienda a los usuarios que actualicen a la versión 6.5. No se conocen workarounds para esta vulnerabilidad. Este problema también se rastrea como SQUID-2024:2", }, ], id: "CVE-2024-25617", lastModified: "2025-01-09T13:51:19.633", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-14T21:15:08.197", references: [ { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817", }, { source: "security-advisories@github.com", tags: [ "Mitigation", "Third Party Advisory", ], url: 
"https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://security.netapp.com/advisory/ntap-20240322-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "Vendor Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240322-0006/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-182", }, { lang: "en", value: "CWE-400", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-09-20 21:00
Modified
2024-11-21 01:17
Severity ?
Summary
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: "86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", 
matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.", }, { lang: "es", value: "Las funciones de comparación de cadenas en String.cci en Squid v3.x anteriores a v3.1.8 y v3.2.x anteriores a v3.2.0.2 permite a atacantes remotos provocar una denegación de servicio (desreferenciación a puntero nulo y caída del demonio) a través de una petición manipulada.\r\n", }, ], evaluatorComment: "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n'CWE-476: NULL Pointer Dereference'", id: "CVE-2010-3072", lastModified: "2024-11-21T01:17:58.600", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-09-20T21:00:02.597", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html", }, { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: 
"http://secunia.com/advisories/41298", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41477", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/41534", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2010/dsa-2111", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2010/09/05/2", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2010/09/07/7", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/42982", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch", }, { source: "secalert@redhat.com", url: "http://www.vupen.com/english/advisories/2010/2433", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=630444", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41298", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/41477", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://secunia.com/advisories/41534", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2010/dsa-2111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2010/09/05/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2010/09/07/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/42982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2010/2433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=630444", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-06-30 19:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * (from 5.0 up to, but not including, 5.0.3) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "137B599B-80D1-4903-8791-40F11BC3FCD9", versionEndExcluding: "5.0.3", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.", }, { lang: "es", value: "Se detectó un problema en Squid versiones 5.x anteriores a 5.0.3. Debido a una Sincronización Incorrecta, puede ocurrir una Denegación de Servicio al procesar objetos en una memoria caché SMP debido a un problema ABA de la función Ipc::Mem::PageStack::pop durante el acceso a una lista de administración de page/slot", }, ], id: "CVE-2020-14059", lastModified: "2024-11-21T05:02:27.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, 
published: "2020-06-30T19:15:11.223", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-662", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-10-12 21:00
Modified
2024-11-21 01:17
Severity ?
Summary
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 3.1.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.", }, { lang: "es", value: "dns_internal.cc en Squid 3.1.6, cuando la resolución DNS IPv6 no está habilitada, accede a un socket inválido durante una petición DNS TCP IPv4, lo que permite a atacantes remotos provocar una denegación de servicio (por falta de confirmación y salida del demonio) mediante vectores que disparan una respuesta DNS IPv4 con el bit TC configurado.", }, ], id: "CVE-2010-2951", lastModified: "2024-11-21T01:17:43.283", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-10-12T21:00:01.710", references: [ { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072", }, { source: "secalert@redhat.com", url: "http://bugs.gentoo.org/show_bug.cgi?id=334263", }, { source: "secalert@redhat.com", url: "http://bugs.squid-cache.org/show_bug.cgi?id=3009", }, { source: "secalert@redhat.com", url: "http://bugs.squid-cache.org/show_bug.cgi?id=3021", 
}, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://marc.info/?l=squid-users&m=128263555724981&w=2", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/08/24/6", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/08/24/7", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2010/08/25/2", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2010/08/25/6", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=626927", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.gentoo.org/show_bug.cgi?id=334263", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.squid-cache.org/show_bug.cgi?id=3009", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.squid-cache.org/show_bug.cgi?id=3021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://marc.info/?l=squid-users&m=128263555724981&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/08/24/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/08/24/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2010/08/25/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2010/08/25/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=626927", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-08 20:15
Modified
2024-11-21 06:06
Severity ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * (from 3.0 up to, but not including, 4.15) | |
squid-cache | squid | * (from 5.0 up to, but not including, 5.0.6) | |
squid-cache | squid | 2.5.stable2 | |
squid-cache | squid | 2.5.stable3 | |
squid-cache | squid | 2.5.stable4 | |
squid-cache | squid | 2.5.stable5 | |
squid-cache | squid | 2.5.stable6 | |
squid-cache | squid | 2.5.stable7 | |
squid-cache | squid | 2.5.stable8 | |
squid-cache | squid | 2.5.stable9 | |
squid-cache | squid | 2.5.stable10 | |
squid-cache | squid | 2.5.stable11 | |
squid-cache | squid | 2.5.stable12 | |
squid-cache | squid | 2.5.stable13 | |
squid-cache | squid | 2.5.stable14 | |
squid-cache | squid | 2.6 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 (stable2) | |
squid-cache | squid | 2.7 (stable3) | |
squid-cache | squid | 2.7 (stable4) | |
squid-cache | squid | 2.7 (stable5) | |
squid-cache | squid | 2.7 (stable6) | |
squid-cache | squid | 2.7 (stable7) | |
squid-cache | squid | 2.7 (stable8) | |
squid-cache | squid | 2.7 (stable9) | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
netapp | cloud_manager | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A9ED22D0-23B0-4441-91C9-CBC1C57A7D6D", versionEndExcluding: "4.15", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "68801A75-0B13-444A-B88F-8BDD4EE953D3", versionEndExcluding: "5.0.6", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*", matchCriteriaId: "3DBDF00F-0FCC-4C6B-8541-7FBF2FF79CEB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*", matchCriteriaId: "1460A9BC-464D-47FC-9CDE-08E094E84520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*", matchCriteriaId: "FA370C48-58E9-4A66-8CEB-01ABB90DDDF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*", matchCriteriaId: "F7D47FF1-44FC-4798-B7DB-45B3825496AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*", matchCriteriaId: "6AFABF40-3269-44D6-98BE-30030002BB40", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*", matchCriteriaId: "15D4C357-F4AC-4BB3-889D-0B76DB28D8A0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*", matchCriteriaId: "B16B99BF-4DC3-4525-8153-B45287DB5BA1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*", matchCriteriaId: "00A8E046-A375-442D-B96B-DBD2993652AD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*", matchCriteriaId: "CE90AB17-3998-42D6-BB43-577C05BD8380", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*", matchCriteriaId: "6B516FB5-5779-4F81-812B-A321E3E711FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable12:*:*:*:*:*:*:*", matchCriteriaId: 
"6DD5E8F7-19C7-4733-9A57-033572E8A78B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable13:*:*:*:*:*:*:*", matchCriteriaId: "EB55AD78-C3FA-4DC5-81F0-83CB1385AE5E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable14:*:*:*:*:*:*:*", matchCriteriaId: "2B43CE92-434B-4F93-9355-F9CD6D5959EF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*", matchCriteriaId: "3AE100C3-0245-4305-B514-77D0572C2947", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:-:*:*:*:*:*:*", matchCriteriaId: "A4E50120-7298-4BC5-AC36-708EFCCFA1F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*", matchCriteriaId: "EFBB466C-C679-4B4B-87C2-E7853E5B3F04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*", matchCriteriaId: "3CF6E367-D33B-4B60-8C40-4618C47D53E8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*", matchCriteriaId: "0FA1F4FE-629C-4489-A13C-017A824C840F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*", matchCriteriaId: "2479C5BF-94E1-4153-9FA3-333BC00F01D6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*", matchCriteriaId: "8ABFCCCC-7584-466E-97CC-6EBD3934A70E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*", matchCriteriaId: "F17E49BF-FB11-4EE6-B6AC-30914F381B2F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: 
true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.", }, { lang: "es", value: "Se ha detectado un problema en Squid versiones anteriores a 4.15 y en versiones 5.x anteriores a 5.0.6. Un problema de desbordamiento de enteros permite a un servidor remoto conseguir una Denegación de Servicio cuando se entrega respuestas a peticiones de rango HTTP. 
El desencadenante del problema es un encabezado que puede esperarse que se presente en el tráfico HTTP sin ninguna intención maliciosa", }, ], id: "CVE-2021-31807", lastModified: "2024-11-21T06:06:15.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-08T20:15:09.057", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, ], sourceIdentifier: "cve@mitre.org", 
vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-27 12:15
Modified
2024-11-21 06:00
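Severity: MEDIUM (NVD CVSS 3.1 base score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H; CVSS 2.0 base score 4.3, MEDIUM)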
Summary
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "B5A199CF-E7E1-44D4-8A5A-BEA6DFEB35ED", versionEndExcluding: "4.15", versionStartIncluding: "4.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "68801A75-0B13-444A-B88F-8BDD4EE953D3", versionEndExcluding: "5.0.6", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.", }, { lang: "es", value: "Se detectó un problema en Squid versiones 4.x anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Si un servidor remoto envía un determinado encabezado de respuesta por medio de HTTP o HTTPS, ocurre una denegación de servicio. 
Este encabezado puede ocurrir plausiblemente en tráfico de red benigno", }, ], id: "CVE-2021-28662", lastModified: "2024-11-21T06:00:03.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-27T12:15:08.263", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h", }, { source: 
"cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: 
"CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2024-11-21 02:52
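Severity: HIGH (NVD CVSS 3.0 base score 8.6, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N; CVSS 2.0 base score 5, MEDIUM)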
Summary
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
oracle | linux | 6 | |
oracle | linux | 7 | |
squid-cache | squid | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
canonical | ubuntu_linux | 16.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "C563F5CC-F4FB-4440-981E-EA2C003A639C", versionEndIncluding: "3.5.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.", }, { lang: "es", value: "mime_header.cc en Squid en versiones anteriores a 3.5.18 permite a atacantes remotos eludir restricciones destinadas al mismo origen y posiblemente llevar a cabo ataques de envenenamiento de caché a través de una cabecera HTTP Host manipulada, también conocido como un problema \"contrabando de peticiones\".", }, ], id: "CVE-2016-4554", lastModified: "2024-11-21T02:52:28.113", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", 
cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-10T19:59:01.307", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1035769", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: 
"http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1035769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 19:15
Modified
2024-11-21 04:23
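Severity: CRITICAL (NVD CVSS 3.1 base score 9.8, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 7.5, HIGH)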
Summary
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL-decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A5584C95-5CB1-4D45-8C05-633746AE2AB4", versionEndIncluding: "4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.", }, { lang: "es", value: "Se detectó un problema en Squid versiones hasta 4.7. Al manejar las peticiones de los usuarios, Squid verifica sus reglas para visualizar si la petición debe ser denegada. Squid por defecto viene con reglas para bloquear el acceso al Cache Manager, que sirve información detallada del servidor destinada al mantenedor. Esta regla es implementada por medio de url_regex. El manejador de reglas URL de url_regex decodifica una petición entrante. 
Esto permite a un atacante codificar su URL para omitir la comprobación de url_regex y obtener acceso al recurso bloqueado.", }, ], id: "CVE-2019-12524", lastModified: "2024-11-21T04:23:02.080", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T19:15:12.533", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4446-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: 
"https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4446-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-07-28 17:30
Modified
2024-11-21 01:05
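Severity: MEDIUM (NVD CVSS 2.0 base score 5, vector AV:N/AC:L/Au:N/C:N/I:N/A:P; the record carries no CVSS 3.x metric)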
Summary
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 do not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.0 | |
squid-cache | squid | 3.1 | |
squid-cache | squid | 3.1.0.1 | |
squid-cache | squid | 3.1.0.2 | |
squid-cache | squid | 3.1.0.3 | |
squid-cache | squid | 3.1.0.4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre1:*:*:*:*:*", matchCriteriaId: "CF9C0078-D06B-4174-AF2C-599638E5B29D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre2:*:*:*:*:*", matchCriteriaId: "F1DD47BA-EA59-4DCC-BFF3-2DF0BC332CBB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre3:*:*:*:*:*", matchCriteriaId: "2BC1746D-BE02-4D04-B31D-95589EBD4C93", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre4:*:*:*:*:*", matchCriteriaId: "62C35710-215C-4B80-9304-665451F3C0AB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre5:*:*:*:*:*", matchCriteriaId: "76A7416C-64B2-4F52-93FD-9C504B7D4F40", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre6:*:*:*:*:*", matchCriteriaId: "17D51261-2071-4E8F-AD75-2ECCBE7F7C04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre7:*:*:*:*:*", matchCriteriaId: "ACD9E084-007E-4C6A-8D30-2DC9B355D7B5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable1:*:*:*:*:*", matchCriteriaId: "95912E0D-FACF-459B-94FB-334FDBCC292B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable10:*:*:*:*:*", matchCriteriaId: "2C455506-7FBF-4F0E-92E7-F074B74C10D7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable11:*:*:*:*:*", matchCriteriaId: "67288E3E-88BF-44CE-84EF-1BF98E8C38CA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable12:*:*:*:*:*", matchCriteriaId: "B428BDA9-8C83-4DE3-9391-17AFD5D750BB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable13:*:*:*:*:*", matchCriteriaId: "DC57EAB8-BFEF-4FE2-8ADB-D196EAE3E51D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable14:*:*:*:*:*", matchCriteriaId: "935F2BDE-7F76-4E13-8318-37CE97B7948F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable15:*:*:*:*:*", matchCriteriaId: 
"354599A2-5FCF-4F5A-85AE-00505D32B9BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable2:*:*:*:*:*", matchCriteriaId: "1F1BC7B9-9CD1-42E9-84BB-BEE3668BAAA6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable3:*:*:*:*:*", matchCriteriaId: "88E3716B-863A-40D4-A7D9-F2A288B87394", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable4:*:*:*:*:*", matchCriteriaId: "02FB3C5B-95F1-4839-8F68-649AFA2FEB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable5:*:*:*:*:*", matchCriteriaId: "631CBA69-B2A1-4522-A330-6A87CCBC682C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable6:*:*:*:*:*", matchCriteriaId: "0FE7885D-D1EB-4543-B342-80BC645EE8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable7:*:*:*:*:*", matchCriteriaId: "B7C4AE0E-9608-4D24-8EA3-0F33A5D95A5E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable8:*:*:*:*:*", matchCriteriaId: "628344A8-42AE-4AD7-89A2-66711490AB30", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable9:*:*:*:*:*", matchCriteriaId: "3260A290-9F63-4E5C-BEF2-015E9491AD18", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc1:stable11:*:*:*:*:*", matchCriteriaId: "4F830353-C4E4-4DAF-B7ED-1B0BAE9F3253", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", 
matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.", }, { lang: "es", value: "Squid desde v3.0 hasta v3.0.STABLE16 desde v3.1 hasta v3.1.0.11 no cumple adecuadamente con \"los limites de búfer y comprobaciones vinculadas,\" lo que permite a atacantes remotos producir una denegación de servicio a través de (1) una petición incompleta o (2) una petición con un tamaño largo de cabecera, relacionado con (a) HttpMsg.cc y (b) client_side.cc.", }, ], id: "CVE-2009-2621", lastModified: "2024-11-21T01:05:18.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-07-28T17:30:01.077", references: [ { source: "cret@cert.org", url: "http://secunia.com/advisories/36007", }, { source: "cret@cert.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { source: "cret@cert.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, { source: "cret@cert.org", url: 
"http://www.securityfocus.com/bid/35812", }, { source: "cret@cert.org", url: "http://www.securitytracker.com/id?1022607", }, { source: "cret@cert.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { source: "cret@cert.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch", }, { source: "cret@cert.org", url: "http://www.vupen.com/english/advisories/2009/2013", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/36007", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/35812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1022607", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2009/2013", }, ], sourceIdentifier: "cret@cert.org", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5.", lastModified: "2009-08-06T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-05-18 15:59
Modified
2024-11-21 02:29
Severity ?
Summary
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", matchCriteriaId: "0B1C288F-326B-497B-B26C-D26E01262DDB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*", matchCriteriaId: "5332A8F5-8F97-465B-AF24-2FEF0B055006", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*", matchCriteriaId: "6567D19B-DF18-4C52-984A-591524A83AD5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*", matchCriteriaId: "06832CD3-C761-4941-AFAB-822477C568F6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", matchCriteriaId: "253C303A-E577-4488-93E6-68A8DD942C38", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.", }, { lang: "es", value: "Squid 3.2.x en versiones anteriores a 3.2.14, 3.3.x en versiones anteriores a 3.3.14, 3.4.x en versiones anteriores a 3.4.13 y 3.5.x en versiones anteriores a 3.5.4, cuando el primer cliente está configurado mediante SSL-bump, no valida adecuadamente el dominio o campos de nombre de host de certificados X.509, lo que permite a atacantes man-in-the-middle suplantar servidores SSL a través de un certificado válido.", }, ], id: "CVE-2015-3455", lastModified: "2024-11-21T02:29:27.457", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: 
"nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-05-18T15:59:11.650", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2015-0191.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2015-2378.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/74438", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032221", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://advisories.mageia.org/MGASA-2015-0191.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2015-2378.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/74438", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032221", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-09 23:29
Modified
2024-11-21 03:39
Severity ?
Summary
The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to 3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable when a remote server delivers an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "4FEA210B-5C46-41BF-9419-7C6F71ADDC9E", versionEndIncluding: "3.5.27", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A880903B-1BA7-4AEF-9751-0D99C9D5F3FE", versionEndIncluding: "4.0.22", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. 
This vulnerability appears to have been fixed in 4.0.23 and later.", }, { lang: "es", value: "Squid Software Foundation Squid HTTP Caching Proxy, en versiones 3.0 a 3.5.27 y 4.0 a 4.0.22 contiene una vulnerabilidad de manipulación de punteros incorrecta en el procesamiento de respuestas ESI. Esto puede resultar en una denegación de servicio (DoS) para todos los clientes que empleen el proxy. Parece que el ataque puede ser explotado mediante servidores remotos que envían una carga útil de respuesta HTTP que contiene una sintaxis válida pero inusual de ESI. Parece ser que la vulnerabilidad se ha solucionado en la versión 4.0.23 y siguientes.", }, ], id: "CVE-2018-1000024", lastModified: "2024-11-21T03:39:27.140", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-09T23:29:00.730", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Versions/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3557-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4059-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3557-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4059-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4122", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 23:15
Modified
2024-11-21 08:33
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of Squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "58165CD0-BDD1-48E3-86A8-4A3CA5AC2039", versionEndIncluding: "5.9", versionStartIncluding: "3.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with \"collapsed_forwarding on\" are vulnerable. Configurations with \"collapsed_forwarding off\" or without a \"collapsed_forwarding\" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché para la Web que admite HTTP, HTTPS, FTP y más. Las versiones afectadas de squid están sujetas a un error Use-After-Free que puede provocar un ataque de denegación de servicio mediante reenvío colapsado. Todas las versiones de Squid desde la 3.5 hasta la 5.9 inclusive configuradas con \"collapsed_forwarding on\" son vulnerables. Las configuraciones con \"collapsed_forwarding desactivado\" o sin una directiva \"collapsed_forwarding\" no son vulnerables. Este error se solucionó con la versión 6.0.1 de Squid. Se recomienda a los usuarios que actualicen. 
Los usuarios que no puedan actualizar deben eliminar todas las líneas collapsed_forwarding de su squid.conf.", }, ], id: "CVE-2023-49288", lastModified: "2024-11-21T08:33:11.613", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T23:15:27.477", references: [ { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20240119-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240119-0006/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-11-21 08:42
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "1D384D1F-2A05-4EE0-9CB8-C83FDC53F608", versionEndExcluding: "6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. 
However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.", }, { lang: "es", value: "Squid es vulnerable a ataques de Denegación de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales.", }, ], id: "CVE-2023-5824", lastModified: "2024-11-21T08:42:34.053", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-03T08:15:08.270", references: [ { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7465", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2023:7668", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0072", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0397", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0771", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0772", }, { source: 
"secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:0773", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:1153", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5824", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245914", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7465", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2023:7668", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0072", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0771", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0772", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:0773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2024:1153", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-5824", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://security.netapp.com/advisory/ntap-20231130-0003/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-755", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-755", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-24 18:15
Modified
2024-11-21 05:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF and livelocks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 20.04 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
opensuse | leap | 15.1 | |
opensuse | leap | 15.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "77F27CCE-271D-4EFC-A417-DAEAB0DDA82A", versionEndExcluding: "4.13", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC0541DD-366F-47F9-981B-525697B1D166", versionEndExcluding: "5.0.4", versionStartIncluding: "5.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, { 
criteria: "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", matchCriteriaId: "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF, which leads to a livelock.", }, { lang: "es", value: "Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4, permite que un peer de confianza lleve a cabo una Denegación de Servicio mediante el consumo de todos los ciclos de la CPU disponibles durante el manejo de un mensaje de respuesta de Cache Digest diseñado. Esto solo ocurre cuando cache_peer es usado con la funcionalidad cache digest. El problema se presenta porque peerDigestHandleReply() en el archivo peer_digest.cc maneja inapropiadamente EOF, lo que provoca un bloqueo en vivo (livelock).", }, ], id: "CVE-2020-24606", lastModified: "2024-11-21T05:15:08.487", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.1, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString:
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-24T18:15:10.047", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"https://security.netapp.com/advisory/ntap-20210219-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4477-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4551-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4477-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4551-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4751", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-667", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-09-06 15:55
Modified
2024-11-21 01:29
Severity ?
Summary
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: "86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", 
matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: 
true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, 
}, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", 
matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.", }, { lang: "es", value: "Desbordamiento de búfer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 permite a servidores remotos Gopher provocar una denegación de servicio (corrupción de memoria y reinicio del demonio) o posiblemente tener un impacto no especificado a través de una respuesta demasiado larga. 
NOTA: Este problema existe debido a una regresión de CVE-2005-0094.", }, ], id: "CVE-2011-3205", lastModified: "2024-11-21T01:29:58.557", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2011-09-06T15:55:08.383", references: [ { source: "secalert@redhat.com", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "secalert@redhat.com", url: "http://openwall.com/lists/oss-security/2011/08/29/2", }, { source: "secalert@redhat.com", url: "http://openwall.com/lists/oss-security/2011/08/30/4", }, { source: "secalert@redhat.com", url: "http://openwall.com/lists/oss-security/2011/08/30/8", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45805", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/45906", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/45920", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/45965", }, { source: 
"secalert@redhat.com", url: "http://secunia.com/advisories/46029", }, { source: "secalert@redhat.com", url: "http://securitytracker.com/id?1025981", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2011/dsa-2304", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150", }, { source: "secalert@redhat.com", url: "http://www.osvdb.org/74847", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-1293.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/49356", }, { source: "secalert@redhat.com", url: "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=734583", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2011/08/29/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2011/08/30/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2011/08/30/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/45805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/45906", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/45920", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/45965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/46029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1025981", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2011/dsa-2304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/74847", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-1293.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/49356", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=734583", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:16
Severity ?
Summary
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: 
"679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: "ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: 
"0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", 
matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: 
"A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: 
"73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*", matchCriteriaId: "5332A8F5-8F97-465B-AF24-2FEF0B055006", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*", matchCriteriaId: "6567D19B-DF18-4C52-984A-591524A83AD5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*", matchCriteriaId: "06832CD3-C761-4941-AFAB-822477C568F6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.", }, { lang: "es", value: "El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (lectura fuera de rango y caída) a través de un 
tipo manipulado en un paquete (1) ICMP o (2) ICMP6.", }, ], id: "CVE-2014-7141", lastModified: "2024-11-21T02:16:24.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-26T15:59:03.557", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://seclists.org/oss-sec/2014/q3/539", }, { source: "cve@mitre.org", url: "http://seclists.org/oss-sec/2014/q3/612", }, { source: "cve@mitre.org", url: "http://seclists.org/oss-sec/2014/q3/626", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/60242", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://ubuntu.com/usn/usn-2422-1", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/69688", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { source: "cve@mitre.org", url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://seclists.org/oss-sec/2014/q3/539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/oss-sec/2014/q3/612", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://seclists.org/oss-sec/2014/q3/626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/60242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://ubuntu.com/usn/usn-2422-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/69688", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-19", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary assessment)
Summary
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 2.5.stable1 | |
squid-cache | squid | 2.5.stable2 | |
squid-cache | squid | 2.5.stable3 | |
squid-cache | squid | 2.5.stable4 | |
squid-cache | squid | 2.5.stable5 | |
squid-cache | squid | 2.5.stable6 | |
debian | debian_linux | 3.0 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*", matchCriteriaId: "2914D032-6969-4522-8D2F-B93D55CB4231", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*", matchCriteriaId: "3DBDF00F-0FCC-4C6B-8541-7FBF2FF79CEB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*", matchCriteriaId: "1460A9BC-464D-47FC-9CDE-08E094E84520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*", matchCriteriaId: "FA370C48-58E9-4A66-8CEB-01ABB90DDDF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*", matchCriteriaId: "F7D47FF1-44FC-4798-B7DB-45B3825496AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*", matchCriteriaId: "6AFABF40-3269-44D6-98BE-30030002BB40", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", matchCriteriaId: "2CAE037F-111C-4A76-8FFE-716B74D65EF3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.", }, ], id: "CVE-2005-0211", lastModified: "2024-11-20T23:54:38.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, 
obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-05-02T04:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://fedoranews.org/updates/FEDORA--.shtml", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=110780531820947&w=2", }, { source: "cve@mitre.org", tags: [ "Permissions Required", ], url: "http://secunia.com/advisories/14076", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1013045", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.debian.org/security/2005/dsa-667", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/886006", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.novell.com/linux/security/advisories/2005_06_squid.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.osvdb.org/13319", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-060.html", }, { source: "cve@mitre.org", tags: [ "Not Applicable", "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-061.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/12432", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch", 
}, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://fedoranews.org/updates/FEDORA--.shtml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://marc.info/?l=bugtraq&m=110780531820947&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://secunia.com/advisories/14076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://securitytracker.com/id?1013045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.debian.org/security/2005/dsa-667", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/886006", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.novell.com/linux/security/advisories/2005_06_squid.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.osvdb.org/13319", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", "Third Party Advisory", ], url: "http://www.redhat.com/support/errata/RHSA-2005-061.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/12432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2024-11-21 02:52
Severity ?
Summary
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: 
"8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: 
"78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*", matchCriteriaId: "0B218819-0975-4E1F-8F6C-D666655937B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*", matchCriteriaId: "594A05FF-E5D2-4132-BF03-44D6866D8133", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*", matchCriteriaId: "3B22C192-02F2-4AD4-A305-BADCC09E8075", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: 
"ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: 
"C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", 
matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", 
matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*", matchCriteriaId: "76245991-1D91-4475-87E1-FBB77A1B3CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: 
"E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "1BBC5AAD-34E1-48A5-972A-A09D66EFE825", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "79E26DC8-1030-4F3F-96B9-6BF159D86FCE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*", matchCriteriaId: 
"3441D193-DA62-4AC1-8E50-3AEEF8C659F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: "21E9E155-FC6F-46E7-8BF7-65DF097409D3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "26A3F10F-938E-44D6-845D-B66EF9812C21", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*", matchCriteriaId: "B1D82EEE-F65E-4657-B0F7-6CE33D219134", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "C9E6A845-B67C-4112-8240-9F61D6AF3B0D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*", matchCriteriaId: "4BEDD7E3-E263-4A09-9C11-3E008E01BC28", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*", matchCriteriaId: "80E3FF16-A6CD-456C-B58A-381A75D8616C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*", matchCriteriaId: 
"87D02AB2-AA26-4416-B689-02C5EEF2099C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*", matchCriteriaId: "A134E1F1-AFCC-498B-8840-5884CF858769", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*", matchCriteriaId: "D5F4E7D0-B6F4-476E-A011-55619E91A3B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*", matchCriteriaId: "95588755-27E8-4DB7-B865-A784D3638FE8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*", matchCriteriaId: "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", matchCriteriaId: "0F90E11F-FC03-46D9-A9C4-A578196D59D8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*", matchCriteriaId: "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.17:*:*:*:*:*:*:*", matchCriteriaId: "CA0BDDAD-2912-480F-8911-8FF94E1A7415", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", 
matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*", matchCriteriaId: "EBEE374C-365E-49DE-A9F9-6083044C774D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*", matchCriteriaId: "1B6B2A8E-DD81-43CD-9F5B-E8F87498E513", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.", }, { lang: "es", value: "client_side_request.cc en Squid 3.x en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 permite a servidores remotos provocar una denegación de servicio (caída) a través de respuestas Edge Side Includes (ESI) manipuladas.", }, ], id: "CVE-2016-4555", lastModified: 
"2024-11-21T02:52:28.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-10T19:59:02.323", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4455", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "cve@mitre.org", tags: [ "Patch", "Release Notes", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: 
"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1035770", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1035770", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-10-18 09:15
Modified
2024-11-21 06:26
Severity ?
Summary
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | 5.0.6 (including) to 5.2 (excluding) |
fedoraproject | fedora | 35 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "9D24F4FC-780E-44DE-B19B-9F63819DE09D", versionEndExcluding: "5.2", versionStartIncluding: "5.0.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.", }, { lang: "es", value: "Se ha detectado un problema en Squid versiones 5.0.6 hasta 5.1.x anteriores a 5.2. Cuando se comprueba un certificado de servidor de origen o de pares, Squid puede clasificar incorrectamente determinados certificados como confiable. Este problema permite que un servidor remoto obtenga la confianza de seguridad de forma inapropiada. 
Esta indicación confiable puede ser transmitida a clientes, permitiendo el acceso a servicios no seguros o secuestrados", }, ], id: "CVE-2021-41611", lastModified: "2024-11-21T06:26:31.043", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-18T09:15:08.823", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/12/23/2", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://www.openwall.com/lists/oss-security/2021/12/23/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-15 17:15
Modified
2024-11-21 04:23
Severity ?
Summary
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | 4.0 (including) to 4.7 (including) |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "61861774-A71F-48CB-B6B2-0489C57E4E66", versionEndIncluding: "4.7", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. 
On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.", }, { lang: "es", value: "Debido a una terminación de cadena incorrecta, el archivo cachemgr.cgi de Squid versiones 4.0 hasta 4.7 puede acceder a la memoria no asignada. En sistemas con protecciones de acceso a memoria, esto puede causar que el proceso CGI finalice inesperadamente, resultando en una denegación de servicio para todos los clientes que lo usan.", }, ], id: "CVE-2019-12854", lastModified: "2024-11-21T04:23:43.380", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-15T17:15:12.753", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Vendor 
Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=4937", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=4937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4507", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-27 12:15
Modified
2024-11-21 06:00
Severity ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | 2.0 (including) to 4.15 (excluding) |
squid-cache | squid | * | 5.0 (including) to 5.0.6 (excluding) |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
netapp | cloud_manager | - | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "CB25C152-063D-4C60-8DA0-A0A0256B2310", versionEndExcluding: "4.15", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "68801A75-0B13-444A-B88F-8BDD4EE953D3", versionEndExcluding: "5.0.6", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de administración del búfer, permite una denegación de servicio. 
Cuando se resuelve una petición con el esquema urn:, el analizador filtra una pequeña cantidad de memoria. Sin embargo, se presenta una metodología de ataque no especificada que puede desencadenar fácilmente una gran cantidad de consumo de memoria", }, ], id: "CVE-2021-28651", lastModified: "2024-11-21T06:00:01.677", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-27T12:15:08.197", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=5104", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third 
Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=5104", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party 
Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-09-12 14:55
Modified
2024-11-21 02:14
Severity ?
Summary
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*", matchCriteriaId: "52528A34-0850-4B9E-BA07-96C3C487AFEA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*", matchCriteriaId: "9854B7ED-18A2-46D3-BC5E-6D0616FDCABC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4.stable3:*:*:*:*:*:*:*", matchCriteriaId: "63CBE3D5-B1FF-4EA6-AA5A-271E324A7E18", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*", matchCriteriaId: "6A975352-2A0A-42CD-8BC2-F3439FCE910A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4.stable5:*:*:*:*:*:*:*", matchCriteriaId: "9198C08C-3A28-4C70-A1E2-2594D55CAA53", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8CA7A0D8-A373-4591-A02E-6B0DB8CEB990", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*", matchCriteriaId: "00D5BF21-0292-4CDB-A995-CE62C40B6F06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*", matchCriteriaId: "2914D032-6969-4522-8D2F-B93D55CB4231", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*", matchCriteriaId: "3DBDF00F-0FCC-4C6B-8541-7FBF2FF79CEB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*", matchCriteriaId: "1460A9BC-464D-47FC-9CDE-08E094E84520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*", matchCriteriaId: "FA370C48-58E9-4A66-8CEB-01ABB90DDDF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*", matchCriteriaId: "F7D47FF1-44FC-4798-B7DB-45B3825496AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*", matchCriteriaId: "6AFABF40-3269-44D6-98BE-30030002BB40", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*", matchCriteriaId: "15D4C357-F4AC-4BB3-889D-0B76DB28D8A0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*", matchCriteriaId: "B16B99BF-4DC3-4525-8153-B45287DB5BA1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*", matchCriteriaId: "00A8E046-A375-442D-B96B-DBD2993652AD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*", matchCriteriaId: "CE90AB17-3998-42D6-BB43-577C05BD8380", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*", matchCriteriaId: "6B516FB5-5779-4F81-812B-A321E3E711FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable12:*:*:*:*:*:*:*", matchCriteriaId: "6DD5E8F7-19C7-4733-9A57-033572E8A78B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable13:*:*:*:*:*:*:*", matchCriteriaId: "EB55AD78-C3FA-4DC5-81F0-83CB1385AE5E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5.stable14:*:*:*:*:*:*:*", matchCriteriaId: "2B43CE92-434B-4F93-9355-F9CD6D5959EF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable1:*:*:*:*:*:*:*", matchCriteriaId: "BFC44EF3-8E51-4085-BF6D-57D04C8E8340", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable2:*:*:*:*:*:*:*", matchCriteriaId: "DB29D4DB-00A6-4119-864C-999C182BA2A1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable3:*:*:*:*:*:*:*", matchCriteriaId: "8361513B-2354-4530-A695-D90331617281", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable4:*:*:*:*:*:*:*", matchCriteriaId: "317DF3DF-25DB-4CE6-9528-DFFFCDB2C6FD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable5:*:*:*:*:*:*:*", matchCriteriaId: "7DDB0DAC-0F5B-4FA6-9278-673C9270ED9C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable6:*:*:*:*:*:*:*", matchCriteriaId: 
"986064E6-7DE5-4632-ACE4-F700A4CD8CCC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable7:*:*:*:*:*:*:*", matchCriteriaId: "726A4FF6-A281-43A0-AEDB-D07AE665BBFD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable8:*:*:*:*:*:*:*", matchCriteriaId: "5B6723FF-DB8C-4364-B404-50C8D19316BA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable9:*:*:*:*:*:*:*", matchCriteriaId: "0F3343F7-DAD2-4782-81AE-2FFC050EAC20", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable10:*:*:*:*:*:*:*", matchCriteriaId: "1F36B48F-8649-4FA8-8B27-CD6481633313", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable11:*:*:*:*:*:*:*", matchCriteriaId: "CB2FABCA-9DFF-4671-B5FD-91F4843ADE14", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable12:*:*:*:*:*:*:*", matchCriteriaId: "176881FC-4CD9-46A0-B993-304BB836E361", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable13:*:*:*:*:*:*:*", matchCriteriaId: "8B9E3B27-CA69-44EB-A77B-79353077D4E7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable14:*:*:*:*:*:*:*", matchCriteriaId: "DE4FA6B2-CABC-44B8-8BEF-245BB95015B2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable15:*:*:*:*:*:*:*", matchCriteriaId: "329A0C99-0475-4118-8E2A-A3F995952EFF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable16:*:*:*:*:*:*:*", matchCriteriaId: "F2B427C2-15DC-4A49-B0E9-194CA2F8EC7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable17:*:*:*:*:*:*:*", matchCriteriaId: "493E5DB0-EFC0-4D16-983E-380FCCEF0ACE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable18:*:*:*:*:*:*:*", matchCriteriaId: "AFB7FCC8-0C90-49F1-97AD-35BBCB84F282", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable19:*:*:*:*:*:*:*", matchCriteriaId: "7C2468B0-D8A5-4DE0-B604-B52260833C9E", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:2.6.stable20:*:*:*:*:*:*:*", matchCriteriaId: "599FEFA0-CBA8-4C84-B632-46E3838AD6FF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable21:*:*:*:*:*:*:*", matchCriteriaId: "90EF0842-FEB5-404C-97C7-FFB2E7FA620E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable22:*:*:*:*:*:*:*", matchCriteriaId: "FA285976-CD73-4AD7-9F22-A9E0B0D0C876", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6.stable23:*:*:*:*:*:*:*", matchCriteriaId: "20BD53FF-2712-475E-BE4D-D4A966D792A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable1:*:*:*:*:*:*:*", matchCriteriaId: "5EEFEBEE-BA1F-4466-8910-0E643548BC4D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable2:*:*:*:*:*:*:*", matchCriteriaId: "882B5A39-3C56-4C36-977B-16E684F24F69", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable3:*:*:*:*:*:*:*", matchCriteriaId: "054BB0F6-3438-451C-845E-55F74883EF3D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable4:*:*:*:*:*:*:*", matchCriteriaId: "C89EF961-A285-43E9-A20F-E0D394CB08D1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable5:*:*:*:*:*:*:*", matchCriteriaId: "0DF54C1E-228E-4EAE-AD2F-50057FCB6AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable6:*:*:*:*:*:*:*", matchCriteriaId: "A53A0BE0-2AB4-43A6-A3DB-B8D70FAB1970", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable7:*:*:*:*:*:*:*", matchCriteriaId: "22EB6552-4AD4-42A1-8751-0F222DBBA802", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable8:*:*:*:*:*:*:*", matchCriteriaId: "056A0D7F-8DF5-430E-A9EE-3443E99A2886", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7.stable9:*:*:*:*:*:*:*", matchCriteriaId: "2758C732-401C-4147-AC84-FDD88BBB7E9F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: 
"62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*", matchCriteriaId: "ED54A2B3-6D36-4016-9BF1-83FAD500103F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*", matchCriteriaId: "C4F368E3-88A6-463C-AA18-8FA1B9E35A84", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*", matchCriteriaId: "1451771E-F456-4631-89C8-0A49F4C8F03B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*", matchCriteriaId: "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*", matchCriteriaId: "E746946A-2D07-402B-A071-9B674F6FEA75", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*", matchCriteriaId: "6B1A697B-3777-492F-BA53-0BA7A9934C03", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*", matchCriteriaId: "1C579925-591E-4BD7-A888-B8D2B0228D34", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: "86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", 
matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, 
}, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: 
"46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", 
matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: 
"898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", 
matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", 
matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: 
"E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*", matchCriteriaId: "5332A8F5-8F97-465B-AF24-2FEF0B055006", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*", matchCriteriaId: 
"6567D19B-DF18-4C52-984A-591524A83AD5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*", matchCriteriaId: "06832CD3-C761-4941-AFAB-822477C568F6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", matchCriteriaId: "0B1C288F-326B-497B-B26C-D26E01262DDB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.", }, { lang: "es", value: "Error de superación de límite (off-by-one) en la función snmpHandleUdp en snmp_core.cc en Squid 2.x y 3.x, cuando un puerto SNMP está configurado, permite a atacantes remotos causar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una solicitud UDP SNMP manipulada, lo que provoca un desbordamiento de buffer basado en memoria dinámica.", }, ], id: "CVE-2014-6270", lastModified: "2024-11-21T02:14:03.690", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-09-12T14:55:07.907", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: 
"cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/oss-sec/2014/q3/542", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/oss-sec/2014/q3/550", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/69686", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2921-1", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=895773", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1139967", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/oss-sec/2014/q3/542", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://seclists.org/oss-sec/2014/q3/550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/69686", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2921-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=895773", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1139967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-17 22:15
Modified
2024-11-21 06:34
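Severity: MEDIUM (CVSS 3.1 base score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, per the nvd@nist.gov primary metric in the record below)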
Summary
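In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. The record below classifies the weakness as CWE-617 and scores the impact as availability-only (C:N/I:N/A:H). Its references include the vendor advisory GHSA-f5cp-6rh3-284w (tagged Mitigation and Patch) and the v5 changeset SQUID-2021_7.patch; the v4 changeset link is tagged Broken Link.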
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | * | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 | |
debian | debian_linux | 12.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "AD4A9EF2-CA36-4C09-8A67-6AE01B16E04E", versionEndIncluding: "4.17", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "56C44696-C2E8-42DC-877F-B97943F8DD87", versionEndExcluding: "5.6", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.", }, { lang: "es", value: "En Squid versiones 3.x hasta 3.5.28, versiones 4.x hasta 4.17 y versiones 5.x anteriores a 5.6, debido a una administración inapropiada del búfer, puede producirse una denegación de servicio cuando son procesadas respuestas largas del servidor Gopher", }, ], id: "CVE-2021-46784", lastModified: "2024-11-21T06:34:42.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", 
scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-17T22:15:08.737", references: [ { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2023/10/13/1", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2023/10/13/10", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2023/10/21/1", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-46784", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221223-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/10/13/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/10/13/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/10/21/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: 
[ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-46784", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20221223-0007/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-617", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2019-12527)
Published
2019-07-11 19:15
Modified
2024-11-21 04:23
Severity: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Summary
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | >= 4.0.23, <= 4.7 | |
fedoraproject | fedora | 29 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux_eus | 8.1 | |
redhat | enterprise_linux_eus | 8.2 | |
redhat | enterprise_linux_eus | 8.4 | |
redhat | enterprise_linux_eus | 8.6 | |
redhat | enterprise_linux_server_aus | 8.2 | |
redhat | enterprise_linux_server_aus | 8.4 | |
redhat | enterprise_linux_server_aus | 8.6 | |
redhat | enterprise_linux_server_tus | 8.2 | |
redhat | enterprise_linux_server_tus | 8.4 | |
redhat | enterprise_linux_server_tus | 8.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "73EA62F6-6E71-49AE-8435-4C8652BA2E78", versionEndIncluding: "4.7", versionStartIncluding: "4.0.23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: 
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.", }, { lang: "es", value: "Se detectó un problema en Squid versiones 4.0.23 hasta 4.7. Al comprobar la autenticación básica con la función HttpHeader::getAuth, Squid utiliza un búfer global para almacenar los datos descodificados. 
Squid no comprueba que la longitud descodificada no sea superior que el búfer, lo que conlleva a un desbordamiento de búfer en la región heap de la memoria con datos controlados por el usuario.", }, ], id: "CVE-2019-12527", lastModified: "2024-11-21T04:23:02.620", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-11T19:15:13.097", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109143", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2593", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/109143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2019:2593", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/squid-cache/squid/commits/v4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4507", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2019-12528)
Published
2020-02-04 21:15
Modified
2024-11-21 04:23
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Summary
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | < 4.10 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.1 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "CCB84835-9A10-4970-8A4B-6467A2BD4FCB", versionEndExcluding: "4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.10. 
It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.10. Permite a un servidor FTP diseñado desencadenar una divulgación de información confidencial de la memoria heap, tal y como la información asociada con las sesiones de otros usuarios o procesos que no son de Squid.", }, ], id: "CVE-2019-12528", lastModified: "2024-11-21T04:23:02.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-04T21:15:10.807", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4289-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4289-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2018-19132)
Published
2018-11-09 11:29
Modified
2024-11-21 03:57
Severity: 5.9 MEDIUM (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Summary
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | < 4.4 | |
debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "CA0D3B55-6D37-49A2-93E4-9E227195CBE8", versionEndExcluding: "4.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.", }, { lang: "es", value: "Squid en versiones anteriores a la 4.4, cuando está habilitado SNMP, permite una denegación de servicio (fuga de memoria) mediante un paquete SNMP.", }, ], id: "CVE-2018-19132", lastModified: "2024-11-21T03:57:23.527", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-09T11:29:03.953", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Advisories/SQUID-2018_5.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/313", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4059-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4059-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2020-8517)
Published
2020-02-04 20:15
Modified
2024-11-21 05:38
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Summary
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | < 4.10 | |
opensuse | leap | 15.1 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "CCB84835-9A10-4970-8A4B-6467A2BD4FCB", versionEndExcluding: "4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.10. Debido a una comprobación de entrada incorrecta, el analizador de credenciales de autenticación NTLM en la función ext_lm_group_acl puede escribir en la memoria fuera del búfer de credenciales. En sistemas con protecciones de acceso a la memoria, esto puede resultar en que el proceso auxiliar termine inesperadamente. 
Esto conlleva a que el proceso de Squid también termine y a una denegación de servicio para todos los clientes que están usando el proxy.", }, ], id: "CVE-2020-8517", lastModified: "2024-11-21T05:38:59.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-04T20:15:14.857", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4289-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4289-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", 
}, ], }
Vulnerability from fkie_nvd (CVE-2020-14058)
Published
2020-06-30 19:15
Modified
2024-11-21 05:02
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Summary
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | >= 3.1, <= 3.5.28 | |
squid-cache | squid | >= 4.0, < 4.12 | |
squid-cache | squid | >= 5.0, < 5.0.3 | |
fedoraproject | fedora | 31 | |
netapp | cloud_manager | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "E3828B8E-1FF7-4707-BB24-6C7CABC37362", versionEndIncluding: "3.5.28", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "C3430B4A-4E1E-438D-9C84-4CFED6A3F023", versionEndExcluding: "4.12", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "137B599B-80D1-4903-8791-40F11BC3FCD9", versionEndExcluding: "5.0.3", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Debido al uso de una función potencialmente peligrosa, Squid y el asistente de comprobación de certificados predeterminado son vulnerables a una Denegación de Servicio al abrir una conexión TLS en un servidor controlado por el atacante por HTTPS. 
Esto ocurre porque los valores de error no reconocidos son asignados a NULL, pero el código posterior espera que cada valor de error sea asignado a una cadena de error válida", }, ], id: "CVE-2020-14058", lastModified: "2024-11-21T05:02:27.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-06-30T19:15:11.130", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], 
url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-19 21:59
Modified
2024-11-21 02:48
Severity: MEDIUM (CVSS v3.0 base score 5.9; CVSS v2 base score 4.3, MEDIUM)
Summary
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * (through 3.5.13) | |
squid-cache | squid | 4.0.4 | |
squid-cache | squid | 4.0.5 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "9EBF17FC-0EA0-4489-8FC5-FD2CA5CED77E", versionEndIncluding: "3.5.13", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.", }, { lang: "es", value: "El método FwdState::connectedToPeer en FwdState.cc en Squid en versiones anteriores a 3.5.14 y 4.0.x en versiones anteriores a 4.0.6 no maneja correctamente los errores de apretones de manos SSL cuando se construye con la opción --with-openssl, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de un mensaje HTTP en texto plano.", }, ], id: "CVE-2016-2390", lastModified: "2024-11-21T02:48:22.447", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, 
baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-19T21:59:07.957", references: [ { source: "cve@mitre.org", url: "http://bugs.squid-cache.org/show_bug.cgi?id=4437", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035045", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.squid-cache.org/show_bug.cgi?id=4437", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.securitytracker.com/id/1035045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-19 05:15
Modified
2024-11-21 05:17
Severity: HIGH (CVSS v3.1 base score 8.6; CVSS v2 base score 5, MEDIUM)
Summary
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * (from 2.0, before 4.14) | |
squid-cache | squid | * (from 5.0.1, before 5.0.5) | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 32 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
netapp | cloud_manager | - | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "7B208B84-A890-4495-B7EC-AD1023E9522D", versionEndExcluding: "4.14", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "91D0229E-67AA-43EA-9178-5EF50D38F700", versionEndExcluding: "5.0.5", versionStartIncluding: "5.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.", }, { lang: "es", value: "Se detectó un problema en Squid versiones hasta 4.13 y versiones 5.x hasta 5.0.4. 
Debido a una comprobación inapropiada de la entrada, permite a un cliente confiable llevar a cabo un Trafico No Autorizado de Peticiones HTTP y acceder a servicios que de otro modo estarían prohibidos por los controles de seguridad. Esto ocurre para determinados ajustes de configuración de uri_whitespace", }, ], id: "CVE-2020-25097", lastModified: "2024-11-21T05:17:19.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-19T05:15:12.480", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6", }, { source: "cve@mitre.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-14", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210727-0010/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210727-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4873", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, { lang: "en", value: "CWE-444", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:33
Severity: HIGH (CVSS v3.1 base score 7.5; CVSS v2 base score 5, MEDIUM)
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * (3.0 through 3.5.28) | |
squid-cache | squid | * (4.0 through 4.8) | |
canonical | ubuntu_linux | 16.04 (lts) | |
canonical | ubuntu_linux | 18.04 (lts) | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 (esm) | |
canonical | ubuntu_linux | 18.04 (lts) | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A278895E-7005-4F4B-8649-A013F60E33D4", versionEndIncluding: "4.8", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", 
vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.", }, { lang: "es", value: "Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Debido a una comprobación de entrada incorrecta, hay un desbordamiento del búfer en la región heap de la memoria que puede resultar en una Denegación de Servicio a todos los clientes que usan el proxy. La gravedad es alta debido a que esta vulnerabilidad ocurre antes de las comprobaciones de seguridad normales; cualquier cliente remoto que pueda alcanzar el puerto proxy puede realizar trivialmente el ataque por medio de un esquema de URI especialmente diseñado.", }, ], id: "CVE-2019-18676", lastModified: "2024-11-21T04:33:30.657", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: 
"NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T17:15:12.843", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/275", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4446-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/275", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4446-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-12-20 12:02
Modified
2024-11-21 01:45
Severity ?
Summary
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*", matchCriteriaId: "C3DCC264-510E-43D1-9C13-99CEA54C7940", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*", matchCriteriaId: "ED31C038-4142-4C2C-B540-9223C5C199FB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*", matchCriteriaId: "177060A9-6211-4B6D-96BE-48B4BD1FAFEE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*", matchCriteriaId: "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*", matchCriteriaId: "50327E36-756E-434D-804D-1E44A4ABAE1F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*", matchCriteriaId: "3AE100C3-0245-4305-B514-77D0572C2947", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*", matchCriteriaId: "35C30CB9-FA3A-408D-A8B0-8805E75657BE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*", matchCriteriaId: "ED54A2B3-6D36-4016-9BF1-83FAD500103F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*", matchCriteriaId: "C4F368E3-88A6-463C-AA18-8FA1B9E35A84", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*", matchCriteriaId: "1451771E-F456-4631-89C8-0A49F4C8F03B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*", matchCriteriaId: "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*", matchCriteriaId: "E746946A-2D07-402B-A071-9B674F6FEA75", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*", matchCriteriaId: "6B1A697B-3777-492F-BA53-0BA7A9934C03", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*", matchCriteriaId: "1C579925-591E-4BD7-A888-B8D2B0228D34", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: "86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", 
vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", 
vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: 
"AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: "ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { 
criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.", }, { lang: "es", value: "Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de (1) cabeceras Content-Length no válidas, (2) largas peticiones POST, o (3) credenciales de autenticación manipuladas.", }, ], id: "CVE-2012-5643", lastModified: "2024-11-21T01:45:01.867", metrics: { cvssMetricV2: [ { acInsufInfo: false, 
baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-12-20T12:02:19.840", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { source: "secalert@redhat.com", url: "http://openwall.com/lists/oss-security/2012/12/17/4", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2013-0505.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/52024", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/54839", }, { source: "secalert@redhat.com", url: "http://ubuntu.com/usn/usn-1713-1", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2631", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1027890", }, { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Advisories/SQUID-2012_1.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch", }, { source: "secalert@redhat.com", url: "https://bugs.gentoo.org/show_bug.cgi?id=447596", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=887962", }, { source: "secalert@redhat.com", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://openwall.com/lists/oss-security/2012/12/17/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2013-0505.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/52024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/54839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://ubuntu.com/usn/usn-1713-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.debian.org/security/2013/dsa-2631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1027890", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2012_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.gentoo.org/show_bug.cgi?id=447596", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=887962", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-08-18 21:00
Modified
2024-11-21 01:05
Severity ?
Summary
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | stable3 |
squid-cache | squid | 2.7 | stable4 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*", matchCriteriaId: "35C30CB9-FA3A-408D-A8B0-8805E75657BE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.", }, { lang: "es", value: "La función strListGetItem en src/HttpHeaderTools.c en Squid v2.7 a permite a los atacantes remotos causar una denegación de servicio a través de una cabecera auth manipulada con ciertos delimitadores coma que lanzan un bucle infinito de llamadas a la función strcspn.", }, ], id: "CVE-2009-2855", lastModified: "2024-11-21T01:05:54.650", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2009-08-18T21:00:00.640", references: [ { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982", }, { source: "cve@mitre.org", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982", }, { source: 
"cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2009/07/20/10", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2009/08/03/3", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2009/08/04/6", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/36091", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1022757", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=518182", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610", }, { source: "cve@mitre.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2009/07/20/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2009/08/03/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2009/08/04/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/36091", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1022757", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://www.squid-cache.org/bugs/show_bug.cgi?id=2704", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=518182", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "This issue did not affect the versions of the squid packages, as shipped with Red Hat Enterprise Linux 3 and 4.\n\nThe issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via:\nhttps://rhn.redhat.com/errata/RHSA-2010-0221.html\n", lastModified: "2010-03-31T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-27 05:59
Modified
2024-11-21 02:48
Severity ?
Summary
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*", matchCriteriaId: "ED54A2B3-6D36-4016-9BF1-83FAD500103F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*", matchCriteriaId: "C4F368E3-88A6-463C-AA18-8FA1B9E35A84", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*", matchCriteriaId: "1451771E-F456-4631-89C8-0A49F4C8F03B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*", matchCriteriaId: "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*", matchCriteriaId: "E746946A-2D07-402B-A071-9B674F6FEA75", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*", matchCriteriaId: "6B1A697B-3777-492F-BA53-0BA7A9934C03", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*", matchCriteriaId: "1C579925-591E-4BD7-A888-B8D2B0228D34", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: 
"86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: 
"B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", 
matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: 
"679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", 
matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", 
matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: 
"4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: 
"5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: 
"74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.", }, { lang: "es", value: "http.cc en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 procede con el almacenamiento de ciertos datos después de un fallo de respuesta de análisis, lo que permite a servidores HTTP remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal formada.", }, ], id: "CVE-2016-2571", lastModified: "2024-11-21T02:48:43.643", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", 
availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-27T05:59:05.797", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3522", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035101", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2921-1", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3557-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3522", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2921-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3557-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-02-03 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*", matchCriteriaId: "C3DCC264-510E-43D1-9C13-99CEA54C7940", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*", matchCriteriaId: "ED31C038-4142-4C2C-B540-9223C5C199FB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*", matchCriteriaId: "177060A9-6211-4B6D-96BE-48B4BD1FAFEE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*", matchCriteriaId: "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*", matchCriteriaId: "50327E36-756E-434D-804D-1E44A4ABAE1F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*", matchCriteriaId: "3AE100C3-0245-4305-B514-77D0572C2947", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*", matchCriteriaId: "35C30CB9-FA3A-408D-A8B0-8805E75657BE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: 
"86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, 
}, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.", }, { lang: "es", value: "lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegación de servicio (fallo de aserción) a través de un paquete DNS manipulado que unicamente contiene una cabecera.", }, ], id: "CVE-2010-0308", lastModified: "2024-11-21T01:11:56.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2010-02-03T18:30:00.767", references: [ { source: "secalert@redhat.com", url: 
"http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf", }, { source: "secalert@redhat.com", url: "http://osvdb.org/62044", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/38451", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/38455", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/37522", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1023520", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_1.txt", }, { source: "secalert@redhat.com", url: "http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch", }, { source: "secalert@redhat.com", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0260", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/56001", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/62044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/38451", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/38455", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/37522", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1023520", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0260", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/56001", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270", }, ], sourceIdentifier: "secalert@redhat.com", vendorComments: [ { comment: "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0308\n\nThis issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via:\nhttps://rhn.redhat.com/errata/RHSA-2010-0221.html\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future squid update may address this flaw in Red Hat Enterprise Linux 3 and 4.", lastModified: "2010-03-31T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-11 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1. (A value that is one quote character has length 1, so the length-minus-2 computation comes out negative, and memcpy treats a negative size as a very large unsigned one; the record below classifies the result as CWE-787, an out-of-bounds write.)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
fedoraproject | fedora | 29 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "C22F49A6-5B88-473B-8E37-BF77C57D85EB", versionEndIncluding: "3.5.28", versionStartIncluding: "3.3.9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "61861774-A71F-48CB-B6B2-0489C57E4E66", versionEndIncluding: "4.7", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { 
criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.", }, { lang: "es", value: "Se detectó un problema en Squid versiones 3.3.9 hasta 3.5.28 y versiones 4.x hasta 4.7. Cuando Squid está configurado para utilizar la autenticación implícita, analiza el encabezado Proxy-Authorization. Busca ciertos tokens como domain, uri y qop. Squid comprueba si el valor de este token comienza con una comilla y termina con uno. Si es así, realiza un memcpy de su longitud menos 2. 
Squid nunca comprueba si el valor es sólo una sola comilla (lo que satisfaría sus requisitos), lo que conlleva a un memcpy de su longitud menos 1.", }, ], id: "CVE-2019-12525", lastModified: "2024-11-21T04:23:02.257", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-11T19:15:13.000", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/squid-cache/squid/commits/v4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4507", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-05 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
debian | debian_linux | 8.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A5584C95-5CB1-4D45-8C05-633746AE2AB4", versionEndIncluding: "4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.", }, { lang: "es", value: "El modulo web del archivo cachemgr.cgi de Squid hasta versión 4.7, presenta un problema de tipo XSS por medio del parámetro user_name o auth.", }, ], id: "CVE-2019-13345", lastModified: "2024-11-21T04:24:45.567", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-05T16:15:11.747", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html", 
}, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/109095", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2019:3476", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=4957", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/429", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/", }, { source: "cve@mitre.org", url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4059-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4059-2/", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2019/dsa-4507", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/109095", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2019:3476", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=4957", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/429", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4059-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4059-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2019/dsa-4507", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-16 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
References
▼ | URL | Tags | |
---|---|---|---|
zdi-disclosures@trendmicro.com | http://www.squid-cache.org/Advisories/SQUID-2018_3.txt | Vendor Advisory | |
zdi-disclosures@trendmicro.com | https://zerodayinitiative.com/advisories/ZDI-18-309 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Advisories/SQUID-2018_3.txt | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://zerodayinitiative.com/advisories/ZDI-18-309 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 3.5.27 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.5.27:*:*:*:*:*:*:*", matchCriteriaId: "D83BE9E6-CEAF-47B8-9501-68FC6AB94BB8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.", }, { lang: "es", value: "Esta vulnerabilidad permite que atacantes remotos denieguen el servicio de instalaciones vulnerables de The Squid Software Foundation Squid 3.5.27-20180318. No se requiere autenticación para explotar esta vulnerabilidad. Este error en concreto existe en ClientRequestContext::sslBumpAccessCheck(). Una petición manipulada puede desencadenar la desreferencia de un puntero NULL. Un atacante puede aprovechar esta vulnerabilidad para crear una condición de denegación de servicio (DoS) a los usuarios del sistema. 
Anteriormente era ZDI-CAN-6088.", }, ], id: "CVE-2018-1172", lastModified: "2024-11-21T03:59:19.947", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-16T21:29:00.280", references: [ { source: "zdi-disclosures@trendmicro.com", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt", }, { source: "zdi-disclosures@trendmicro.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://zerodayinitiative.com/advisories/ZDI-18-309", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://zerodayinitiative.com/advisories/ZDI-18-309", }, ], sourceIdentifier: "zdi-disclosures@trendmicro.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "zdi-disclosures@trendmicro.com", type: "Secondary", }, { description: [ { lang: "en", value: 
"CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If a matching entry is found, Squid serves the request from the cache. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username; then, when a request for the target domain comes in that decodes to the exact URL, Squid will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A5584C95-5CB1-4D45-8C05-633746AE2AB4", versionEndIncluding: "4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. 
On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.", }, { lang: "es", value: "Se descubrió un problema en Squid versiones hasta 4.7 y 5. Cuando se recibe una petición, Squid comprueba su memoria caché para visualizar si puede servir una respuesta. Lo hace al realizar un hash MD5 de la URL absoluta de la petición. Si se encuentra, sirve la petición. La URL absoluta puede incluir la UserInfo decodificada (nombre de usuario y contraseña) para determinados protocolos. Esta información decodificada se antepone al dominio. Esto permite a un atacante proporcionar un nombre de usuario que tenga caracteres especiales para delimitar el dominio y tratar el resto de la URL como una ruta o cadena de consulta. Un atacante podría primero hacer una petición a su dominio usando un nombre de usuario codificado, luego, cuando llega una petición para el dominio objetivo que decodifica a la URL exacta, servirá el HTML del atacante en lugar del HTML real. 
En los servidores de Squid que también actúan como proxies inversos, esto permite a un atacante conseguir acceso a funcionalidades que solo los proxies inversos pueden utilizar, tal y como ESI.", }, ], id: "CVE-2019-12520", lastModified: "2024-11-21T04:23:01.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T20:15:13.520", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, 
{ source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4446-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4446-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-01 20:15
Modified
2025-02-13 18:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "E8CC0157-8647-4BC3-AD22-4325B85D8A78", versionEndExcluding: "6.4", versionStartIncluding: "3.3.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché para la Web. Debido a un error de validación incorrecta del índice especificado, las versiones de Squid 3.3.0.1 a 5.9 y 6.0 anteriores a 6.4 compiladas usando `--with-openssl` son vulnerables a un ataque de Denegación de Servicio contra la validación del certificado SSL. Este problema permite que un servidor remoto realice una denegación de servicio contra Squid Proxy iniciando un protocolo de enlace TLS con un certificado SSL especialmente manipulado en una cadena de certificados de servidor. Este ataque se limita a HTTPS y SSL-Bump. Este error se solucionó en la versión 6.4 de Squid. Además, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid. 
Aquellos que utilicen una versión empaquetada de Squid deben consultar al proveedor del paquete para obtener información sobre la disponibilidad de paquetes actualizados.", }, ], id: "CVE-2023-46724", lastModified: "2025-02-13T18:15:36.657", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-01T20:15:08.800", references: [ { source: "security-advisories@github.com", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", }, { source: "security-advisories@github.com", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20231208-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20231208-0001/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, { lang: "en", value: "CWE-129", }, { lang: "en", value: "CWE-786", }, { lang: "en", value: "CWE-823", }, { lang: "en", value: "CWE-1285", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: 
"nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-11-21 08:29
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
redhat | enterprise_linux | 9.0 | |
redhat | enterprise_linux_eus | 9.2 | |
redhat | enterprise_linux_server_aus | 9.2 | |
redhat | enterprise_linux_server_tus | 9.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "7C0AA52A-5ECA-40E8-A911-CA0946A01660", versionEndExcluding: "6.4", versionStartIncluding: "5.0.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "647A34CD-AB8C-44DD-8FD7-03315633FF1B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.", }, { lang: "es", value: "Squid es vulnerable a la Denegación de Servicio, donde un atacante remoto puede realizar DoS enviando URL ftp:// en mensajes de solicitud HTTP o construyendo URL ftp:// a partir de una entrada nativa FTP.", }, ], id: "CVE-2023-46848", lastModified: "2024-11-21T08:29:25.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-03T08:15:08.117", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46848", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245919", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46848", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245919", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20231214-0005/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-681", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-681", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2015-02-20 11:59
Modified
2024-11-21 02:23
Severity ?
Summary
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
References
▼ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN64455813/index.html | Vendor Advisory | |
vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN64455813/index.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019 | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "29017047-581E-4A88-8160-A2A97E9E7F89", versionEndIncluding: "3.1.0.18", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.", }, { lang: "es", value: "Una vulnerabilidad de inyección CRLF en Squid anterior a versión 3.1.1, permite a los atacantes remotos inyectar encabezados HTTP arbitrarios y conducir ataques de división de respuesta HTTP por medio de un encabezado diseñado en una respuesta.", }, ], evaluatorComment: "<a href=\"http://cwe.mitre.org/data/definitions/93.html\" target=\"_blank\">CWE-93: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a>", id: "CVE-2015-0881", lastModified: "2024-11-21T02:23:54.703", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2015-02-20T11:59:04.840", references: [ { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN64455813/index.html", }, { source: "vultures@jpcert.or.jp", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvn.jp/en/jp/JVN64455813/index.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019", }, ], sourceIdentifier: "vultures@jpcert.or.jp", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-27 05:59
Modified
2024-11-21 02:48
Severity ?
Summary
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*", matchCriteriaId: "ED54A2B3-6D36-4016-9BF1-83FAD500103F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*", matchCriteriaId: "C4F368E3-88A6-463C-AA18-8FA1B9E35A84", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*", matchCriteriaId: "1451771E-F456-4631-89C8-0A49F4C8F03B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*", matchCriteriaId: "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*", matchCriteriaId: "E746946A-2D07-402B-A071-9B674F6FEA75", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*", matchCriteriaId: "6B1A697B-3777-492F-BA53-0BA7A9934C03", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*", matchCriteriaId: "1C579925-591E-4BD7-A888-B8D2B0228D34", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: 
"86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: 
"B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", 
matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: 
"679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", 
matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", 
matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: 
"4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: 
"5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: 
"74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.", }, { lang: "es", value: "El analizador de Edge Side Includes (ESI) en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no comprueba los limites del buffer durante el análisis gramatical XML, lo que permite a servidores HTTP remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un documento XML manipulado, relacionado con esi/CustomParser.cc y esi/CustomParser.h.", }, ], id: "CVE-2016-2570", lastModified: "2024-11-21T02:48:43.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, 
source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-27T05:59:04.797", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035101", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3557-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3557-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-25 19:15
Modified
2024-11-21 07:23
Severity
8.6 (HIGH) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7. For deployments that cannot move to 5.7 immediately, the References list SQUID-2022_2 patch changesets for the v4 and v5 branches.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch | Patch, Third Party Advisory | |
cve@mitre.org | http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78 | Patch, Third Party Advisory | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2022/09/23/2 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2022/09/23/2 | Mailing List, Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "88C8B57A-A610-45EE-ABDF-E6D96B2687E3", versionEndExcluding: "5.7", versionStartIncluding: "2.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.", }, { lang: "es", value: "Se descubrió una lectura excesiva del búfer en libntlmauth en Squid 2.5 a 5.6. Debido a una protección incorrecta contra el desbordamiento de enteros, los asistentes de autenticación SSPI y SMB son vulnerables a la lectura de ubicaciones de memoria no deseadas. En algunas configuraciones, las credenciales en texto sin cifrar de estas ubicaciones se envían a un cliente. 
Esto se solucionó en 5.7.", }, ], id: "CVE-2022-41318", lastModified: "2024-11-21T07:23:02.240", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-25T19:15:10.820", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/09/23/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/09/23/2", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", 
weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:33
Severity
5.3 (MEDIUM) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon. NVD classifies the weakness as CWE-444 (HTTP request smuggling); the references in the record below include the Squid advisory SQUID-2019_10 and squid-cache/squid pull request 445, which is tagged Patch.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
debian | debian_linux | 8.0 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A278895E-7005-4F4B-8649-A013F60E33D4", versionEndIncluding: "4.8", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. 
The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.", }, { lang: "es", value: "Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Permite a atacantes pasar un trafico no autorizado de peticiones HTTP mediante el software frontend e una instancia de Squid que divide la tubería de la petición HTTP de manera diferente. Los mensajes de respuesta resultantes corrompen las memorias caché (entre un cliente y Squid) con contenido controlado por el atacante en URL arbitrarias. Los efectos son aislados del software entre el cliente atacante y Squid. No existen efectos en Squid en sí, ni en ningún servidor ascendente. El problema está relacionado con un encabezado de petición que contiene espacios en blanco entre un nombre de encabezado y dos puntos.", }, ], id: "CVE-2019-18678", lastModified: "2024-11-21T04:33:30.973", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T17:15:12.983", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156323", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/445", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202003-34", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156323", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-444", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-25 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
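Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. The record below carries NVD's scoring for this entry: CVSS 3.0 base 3.7 (LOW) with high attack complexity and a confidentiality-only impact, and CVSS 2.0 base 4.3 (MEDIUM). Its affected-version list ends at 3.5.16 and 4.0.8.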
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: 
"8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: 
"78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*", matchCriteriaId: "0B218819-0975-4E1F-8F6C-D666655937B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*", matchCriteriaId: "594A05FF-E5D2-4132-BF03-44D6866D8133", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*", matchCriteriaId: "3B22C192-02F2-4AD4-A305-BADCC09E8075", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: 
"ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: 
"C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", 
matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", 
matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*", matchCriteriaId: "76245991-1D91-4475-87E1-FBB77A1B3CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: 
"E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "1BBC5AAD-34E1-48A5-972A-A09D66EFE825", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "79E26DC8-1030-4F3F-96B9-6BF159D86FCE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*", matchCriteriaId: 
"3441D193-DA62-4AC1-8E50-3AEEF8C659F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: "21E9E155-FC6F-46E7-8BF7-65DF097409D3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "26A3F10F-938E-44D6-845D-B66EF9812C21", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*", matchCriteriaId: "B1D82EEE-F65E-4657-B0F7-6CE33D219134", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "C9E6A845-B67C-4112-8240-9F61D6AF3B0D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*", matchCriteriaId: "4BEDD7E3-E263-4A09-9C11-3E008E01BC28", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*", matchCriteriaId: "80E3FF16-A6CD-456C-B58A-381A75D8616C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*", matchCriteriaId: 
"87D02AB2-AA26-4416-B689-02C5EEF2099C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*", matchCriteriaId: "A134E1F1-AFCC-498B-8840-5884CF858769", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*", matchCriteriaId: "D5F4E7D0-B6F4-476E-A011-55619E91A3B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*", matchCriteriaId: "95588755-27E8-4DB7-B865-A784D3638FE8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*", matchCriteriaId: "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", matchCriteriaId: "0F90E11F-FC03-46D9-A9C4-A578196D59D8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*", matchCriteriaId: "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*", matchCriteriaId: 
"EBEE374C-365E-49DE-A9F9-6083044C774D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.", }, { lang: "es", value: "Squid 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 permite a atacantes remotos obtener información sensible sobre la estructura de pila a través de respuestas Edge Side Includes (ESI) manipuladas, relacionado con el uso incorrecto de assert y optimización del compilador.", }, ], id: "CVE-2016-4053", lastModified: "2024-11-21T02:51:14.910", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: 
"PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-25T14:59:04.533", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/86788", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: 
"http://www.securityfocus.com/bid/91787", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035647", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
url: "http://www.securityfocus.com/bid/86788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-20 21:15
Modified
2024-11-21 04:33
Severity ?
Summary
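Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi. The record below classifies this as CWE-74 (injection) and scores it CVSS 3.1 base 6.1 (MEDIUM) with user interaction required and a changed scope (UI:R/S:C), which suggests the impact falls on the browser of a user who loads the affected cachemgr.cgi page rather than on the Squid process itself. The affected range in the record is every version before 4.9.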
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 | |
opensuse | leap | 15.1 | |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "2FFB5736-A0F8-4B03-ACAE-ED7CF02ECA9B", versionEndExcluding: "4.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.", }, { lang: "es", value: "Squid versiones anteriores a 4.9, cuando determinados navegadores web son usados, maneja inapropiadamente HTML en el parámetro host (también se conoce como hostname) en el archivo cachemgr.cgi.", }, ], id: "CVE-2019-18860", lastModified: "2024-11-21T04:33:44.060", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: 
"MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-20T21:15:16.547", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/504", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/505", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4356-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4732", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/504", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/505", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4356-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4732", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-09 11:29
Modified
2024-11-21 03:57
Severity ?
Summary
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.squid-cache.org/Advisories/SQUID-2018_4.txt | Mitigation, Vendor Advisory | |
cve@mitre.org | http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch | Patch, Vendor Advisory | |
cve@mitre.org | https://github.com/squid-cache/squid/pull/306 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Advisories/SQUID-2018_4.txt | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/squid-cache/squid/pull/306 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "CA0D3B55-6D37-49A2-93E4-9E227195CBE8", versionEndExcluding: "4.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.", }, { lang: "es", value: "Squid en versiones anteriores a la 4.4 tiene Cross-Site Scripting (XSS) mediante un certificado X.509 manipulado durante la generación de la página de error HTTP(S) para los errores de certificado.", }, ], id: "CVE-2018-19131", lastModified: "2024-11-21T03:57:23.373", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-09T11:29:03.877", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/306", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/306", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-02-09 23:29
Modified
2024-11-21 03:39
Severity ?
Summary
The Squid Software Foundation Squid HTTP Caching Proxy, in versions prior to 4.0.23, contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "07AA78F0-BFDD-4DF6-9B03-D70E23B73E1C", versionEndExcluding: "4.0.23", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", matchCriteriaId: "9070C9D8-A14A-467F-8253-33B966C16886", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. 
This vulnerability appears to have been fixed in 4.0.23 and later.", }, { lang: "es", value: "Squid Software Foundation Squid HTTP Caching Proxy, en versiones anteriores a la 4.0.23, contiene una vulnerabilidad de desreferencia de puntero NULL en el procesamiento de cabeceras HTTP Response X-Forwarded-For. Esto puede resultar en una denegación de servicio (DoS) para todos los clientes que empleen el proxy. Este ataque parece ser explotable mediante un servidor HTTP remoto que responda con una cabecera X-Forwarded-For a ciertos tipos de petición HTTP. Parece ser que la vulnerabilidad se ha solucionado en la versión 4.0.23 y siguientes.", }, ], id: "CVE-2018-1000027", lastModified: "2024-11-21T03:39:27.673", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-02-09T23:29:00.870", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/129/files", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3557-1/", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/4059-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4122", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/129/files", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3557-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/4059-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4122", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "61861774-A71F-48CB-B6B2-0489C57E4E66", versionEndIncluding: "4.7", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "306640BC-6B06-4BEE-BB6E-B7B3A4613DDC", versionEndIncluding: "5.0.1", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7. 
When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.", }, { lang: "es", value: "Se detectó un problema en Squid versiones hasta 4.7. Cuando Squid analiza ESI, mantiene los elementos de ESI en ESIContext. ESIContext contiene un búfer para contener una pila de ESIElements. Cuando se analiza un nuevo ESIElement, es agregado por medio de la función addStackElement. addStackElement presenta una comprobación para el número de elementos en este búfer, pero está desactivado por 1, conllevando a un Desbordamiento de la Pila de 1 elemento. El desbordamiento se encuentra dentro de la misma estructura, por lo que no puede afectar a los bloques de memoria adyacentes y, por lo tanto, solo conlleva a un bloqueo mientras se procesa.", }, ], id: "CVE-2019-12521", lastModified: "2024-11-21T04:23:01.553", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", 
userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T19:15:12.393", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-05", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4356-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4356-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-193", }, { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2011-11-17 19:55
Modified
2024-11-21 01:31
Severity ?
Summary
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "890BD4A7-0680-4BEF-ABA3-FE02FBB05B07", versionEndIncluding: "3.1.15", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre1:*:*:*:*:*", matchCriteriaId: "CF9C0078-D06B-4174-AF2C-599638E5B29D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre2:*:*:*:*:*", matchCriteriaId: "F1DD47BA-EA59-4DCC-BFF3-2DF0BC332CBB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre3:*:*:*:*:*", matchCriteriaId: "2BC1746D-BE02-4D04-B31D-95589EBD4C93", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre4:*:*:*:*:*", matchCriteriaId: "62C35710-215C-4B80-9304-665451F3C0AB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre5:*:*:*:*:*", matchCriteriaId: "76A7416C-64B2-4F52-93FD-9C504B7D4F40", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre6:*:*:*:*:*", matchCriteriaId: "17D51261-2071-4E8F-AD75-2ECCBE7F7C04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:pre7:*:*:*:*:*", matchCriteriaId: "ACD9E084-007E-4C6A-8D30-2DC9B355D7B5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable1:*:*:*:*:*", matchCriteriaId: "95912E0D-FACF-459B-94FB-334FDBCC292B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable10:*:*:*:*:*", matchCriteriaId: "2C455506-7FBF-4F0E-92E7-F074B74C10D7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable11:*:*:*:*:*", matchCriteriaId: "67288E3E-88BF-44CE-84EF-1BF98E8C38CA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable12:*:*:*:*:*", matchCriteriaId: "B428BDA9-8C83-4DE3-9391-17AFD5D750BB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable13:*:*:*:*:*", 
matchCriteriaId: "DC57EAB8-BFEF-4FE2-8ADB-D196EAE3E51D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable14:*:*:*:*:*", matchCriteriaId: "935F2BDE-7F76-4E13-8318-37CE97B7948F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable15:*:*:*:*:*", matchCriteriaId: "354599A2-5FCF-4F5A-85AE-00505D32B9BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable2:*:*:*:*:*", matchCriteriaId: "1F1BC7B9-9CD1-42E9-84BB-BEE3668BAAA6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable3:*:*:*:*:*", matchCriteriaId: "88E3716B-863A-40D4-A7D9-F2A288B87394", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable4:*:*:*:*:*", matchCriteriaId: "02FB3C5B-95F1-4839-8F68-649AFA2FEB1C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable5:*:*:*:*:*", matchCriteriaId: "631CBA69-B2A1-4522-A330-6A87CCBC682C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable6:*:*:*:*:*", matchCriteriaId: "0FE7885D-D1EB-4543-B342-80BC645EE8EC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable7:*:*:*:*:*", matchCriteriaId: "B7C4AE0E-9608-4D24-8EA3-0F33A5D95A5E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable8:*:*:*:*:*", matchCriteriaId: "628344A8-42AE-4AD7-89A2-66711490AB30", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:stable9:*:*:*:*:*", matchCriteriaId: "3260A290-9F63-4E5C-BEF2-015E9491AD18", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc1:stable11:*:*:*:*:*", matchCriteriaId: "4F830353-C4E4-4DAF-B7ED-1B0BAE9F3253", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: "86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: 
"8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { 
criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.", }, { lang: "es", value: "La función idnsGrokReply en Squid anterior a v3.1.16 no adecuada de memoria libre, permite a atacantes remotos provocar una denegación de servicio (daemon abortar) a través de una respuesta DNS que contiene un registro CNAME que hace referencia a otro registro CNAME y este contiene un registro vacío.", }, ], id: "CVE-2011-4096", lastModified: "2024-11-21T01:31:50.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, 
published: "2011-11-17T19:55:01.453", references: [ { source: "secalert@redhat.com", url: "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46609", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/47459", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2011/10/31/5", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2011/11/01/3", }, { source: "secalert@redhat.com", url: "http://www.redhat.com/support/errata/RHSA-2011-1791.html", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1026265", }, { source: "secalert@redhat.com", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/46609", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/47459", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://www.openwall.com/lists/oss-security/2011/10/31/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2011/11/01/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2011-1791.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1026265", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-399", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-27 12:15
Modified
2024-11-21 06:00
Severity
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "119FC718-7AE6-43E0-A019-DB4AC5CEFAE5", versionEndExcluding: "4.15", versionStartIncluding: "1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "68801A75-0B13-444A-B88F-8BDD4EE953D3", versionEndExcluding: "5.0.6", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a una comprobación del analizador incorrecta, permite un ataque de Denegación de Servicio contra la API del administrador de caché. Esto permite a un cliente confiable desencadenar filtraciones de memoria. 
Con el tiempo, conlleva a una Denegación de Servicio por medio de una cadena de consulta corta no especificada. Este ataque está limitado a clientes con privilegios de acceso a la API de Cache Manager", }, ], id: "CVE-2021-28652", lastModified: "2024-11-21T06:00:01.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-27T12:15:08.230", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=5106", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=5106", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { 
description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-24 00:15
Modified
2024-11-21 08:58
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform a Denial of Service attack when generating error pages for Client Manager reports. Squid versions older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`. Because Squid evaluates `http_access` rules in order and applies the first match, the deny rule only takes effect if it appears before any rule that allows manager access.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A3D67FB6-14F1-40C3-B636-ADDF38F94FA9", versionEndIncluding: "5.9", versionStartIncluding: "5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "434DE988-6D70-4BAE-8A1A-D07871424517", versionEndExcluding: "6.6", versionStartIncluding: "6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché para la Web. Debido a un error de referencia de puntero caducado, Squid anterior a la versión 6.6 es vulnerable a un ataque de denegación de servicio contra las respuestas de error del Administrador de Caché. Este problema permite que un cliente confiable realice una Denegación de Servicio al generar páginas de error para los informes de Client Manager. Los calamares mayores de 5.0.5 no han sido probados y se debe suponer que son vulnerables. Todos los Squid-5.x hasta 5.9 includa, son vulnerables. Todos los Squid-6.x hasta 6.5 includa, son vulnerables. Este error se solucionó con la versión 6.6 de Squid. 
Además, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid. Como workaround, evite el acceso al Administrador de caché utilizando el control de acceso principal de Squid: `http_access deny manager`.", }, ], id: "CVE-2024-23638", lastModified: "2024-11-21T08:58:03.733", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-24T00:15:08.573", references: [ { source: "security-advisories@github.com", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", 
], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", }, { source: "security-advisories@github.com", tags: [ "Exploit", ], url: "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20240208-0010/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: 
"https://megamansec.github.io/Squid-Security-Audit/stream-assert.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240208-0010/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-825", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-672", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-04-14 15:09
Modified
2024-11-21 02:01
Severity
5.0 (Medium) - CVSS 2.0: AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: 
"7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: 
"5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: 
"5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", 
matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: 
"9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: 
"F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", matchCriteriaId: "DE554781-1EB9-446E-911F-6C11970C47F4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.", }, { lang: "es", value: "Squid 3.1 anterior a 3.3.12 y 3.4 anterior a 3.4.4, cuando SSL-Bump está habilitado, permite a atacantes remotos causar una denegación de servicio (fallo de aserción) a través de una solicitud de rango manipulada, relacionado con gestión de estado.", }, ], id: "CVE-2014-0128", lastModified: "2024-11-21T02:01:26.307", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-04-14T15:09:05.710", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "secalert@redhat.com", url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57288", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57889", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/66112", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57288", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57889", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/66112", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor 
Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-02-08 20:55
Modified
2024-11-21 01:47
Severity
5.0 (Medium) - CVSS 2.0: AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: 
"7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: 
"5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, 
{ criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", matchCriteriaId: "7118F616-25CA-4E34-AA13-4D14BB62419F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.", }, { lang: "es", value: "cachemgr.cgi en Squid v3.1.x, v3.2.x y posiblemente, v3.1.22, v3.2.4 y otras versiones, permite a atacantes remotos provocar una denegación de servicio (consumo de recursos) a través de una solicitud hecha a mano. 
NOTA: este problema se debe a una solución incorrecta para CVE-2012-5643, posiblemente con un orden incorrecto de argumentos o de comparación incorrecta.", }, ], evaluatorComment: "Per http://www.ubuntu.com/usn/USN-1713-1/\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\r\nUbuntu 10.04 LTS\r\n", id: "CVE-2013-0189", lastModified: "2024-11-21T01:47:01.633", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-02-08T20:55:01.377", references: [ { source: "secalert@redhat.com", url: "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743", }, { source: "secalert@redhat.com", url: "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52024", }, { source: "secalert@redhat.com", url: 
"http://secunia.com/advisories/54839", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2013/dsa-2631", }, { source: "secalert@redhat.com", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/57646", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1713-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=895972", }, { source: "secalert@redhat.com", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://secunia.com/advisories/52024", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/54839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2013/dsa-2631", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/57646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1713-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=895972", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:33
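Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.0 (Medium) - CVSS 2.0: AV:N/AC:L/Au:N/C:P/I:N/A:N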
Summary
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
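squid-cache | squid | * (2.0 through 2.7, inclusive) | |
squid-cache | squid | * (3.0 through 3.5.28, inclusive) | |
squid-cache | squid | * (4.0 through 4.8, inclusive) | |
squid-cache | squid | 2.7 stable2 | |
squid-cache | squid | 2.7 stable3 | |
squid-cache | squid | 2.7 stable4 | |
squid-cache | squid | 2.7 stable5 | |
squid-cache | squid | 2.7 stable6 | |
squid-cache | squid | 2.7 stable7 | |
squid-cache | squid | 2.7 stable8 | |
squid-cache | squid | 2.7 stable9 | |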
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
debian | debian_linux | 8.0 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "466DF174-7C87-4D0E-B10D-F3F88014D9F5", versionEndIncluding: "2.7", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A278895E-7005-4F4B-8649-A013F60E33D4", versionEndIncluding: "4.8", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*", matchCriteriaId: "EFBB466C-C679-4B4B-87C2-E7853E5B3F04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*", matchCriteriaId: "3CF6E367-D33B-4B60-8C40-4618C47D53E8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*", matchCriteriaId: "0FA1F4FE-629C-4489-A13C-017A824C840F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*", matchCriteriaId: "2479C5BF-94E1-4153-9FA3-333BC00F01D6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*", matchCriteriaId: "8ABFCCCC-7584-466E-97CC-6EBD3934A70E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*", matchCriteriaId: "F17E49BF-FB11-4EE6-B6AC-30914F381B2F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: 
true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.", }, { lang: "es", value: "Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Debido a una gestión de datos incorrecta, es vulnerable a una divulgación de información cuando se procesa HTTP Digest Authentication. Los tokens Nonce contienen el valor de byte sin procesar de un puntero que se encuentra dentro de la asignación de memoria heap. 
Esta información reduce las protecciones de ASLR y puede ayudar a atacantes a aislar áreas de memoria para apuntar ataques de ejecución de código remota.", }, ], id: "CVE-2019-18679", lastModified: "2024-11-21T04:33:31.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T17:15:13.047", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156324", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/491", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { source: "cve@mitre.org", url: 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202003-34", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156324", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/491", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202003-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-28 15:15
Modified
2025-01-03 12:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
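Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. Because the fix is stated only for the default build configuration, a 6.10 or later binary built with non-default options should be checked against the vendor advisory (GHSA-f975-v7qw-q7hj, tagged "Mitigation" in the references) before it is treated as fixed.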
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * (3.0 up to, but not including, 6.10)
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "269E064C-AAF8-4A48-BBAB-76A37C1A0684", versionEndExcluding: "6.10", versionStartIncluding: "3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché de código abierto para la Web compatible con HTTP, HTTPS, FTP y más. Debido a errores de validación de entrada, liberación prematura de recursos durante el tiempo de vida útil esperado y falta de liberación de recursos después del tiempo de vida útil efectivo, Squid es vulnerable a ataques de denegación de servicio por parte de un servidor confiable contra todos los clientes que utilicen el proxy. 
Este error se corrigió en la configuración de compilación predeterminada de la versión 6.10 de Squid.", }, ], id: "CVE-2024-45802", lastModified: "2025-01-03T12:15:26.117", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-28T15:15:04.857", references: [ { source: "security-advisories@github.com", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20250103-0004/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-27 17:59
Modified
2024-11-21 02:43
Severity ?
Summary
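Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16, results in the Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients, so a response intended for one client can be delivered to others. The CPE ranges in this record end, exclusive, at 3.5.23 and 4.0.17.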
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/12/18/1 | Mailing List, Patch, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/94953 | Broken Link, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1037512 | Broken Link, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/12/18/1 | Mailing List, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94953 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037512 | Broken Link, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | Patch, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "9AE6398D-3000-4C1B-8BB3-37AE280BEDD2", versionEndExcluding: "3.5.23", versionStartIncluding: "3.5.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "32C73B3C-ECDF-450E-A039-9F09A18570E4", versionEndExcluding: "4.0.17", versionStartIncluding: "4.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.", }, { lang: "es", value: "Comparación incorrecta del encabezado de HTTP Request en Squid HTTP Proxy 3.5.0.1 hasta la versión 3.5.22 y 4.0.1 hasta la versión 4.0.16 resulta en que la funcionalidad Collapsed Forwarding identifica de forma equivocada algunas respuestas privadas como adecuadas para la entrega a múltiples clientes.", }, ], id: "CVE-2016-10003", lastModified: "2024-11-21T02:43:04.500", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", 
vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-27T17:59:00.180", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94953", }, { source: "cve@mitre.org", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037512", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037512", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-697", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-08-09 22:55
Modified
2024-11-21 01:54
Severity ?
Summary
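Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request. Note that the CPE data in this record does not match that range exactly: it enumerates 3.2.0.1 through 3.2.0.11 rather than 3.2 through 3.2.11, and marks 3.2.0.1, 3.2.0.10 and 3.2.0.11 as "vulnerable: false". The references also include patches for the 3.0 and 3.1 branches, so the affected range should be confirmed against the vendor advisory (SQUID-2013_2) rather than by CPE matching alone.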
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
opensuse | opensuse | 11.4 | |
opensuse | opensuse | 12.2 | |
opensuse | opensuse | 12.3 | |
squid-cache | squid | 3.2.0.1 | |
squid-cache | squid | 3.2.0.2 | |
squid-cache | squid | 3.2.0.3 | |
squid-cache | squid | 3.2.0.4 | |
squid-cache | squid | 3.2.0.5 | |
squid-cache | squid | 3.2.0.6 | |
squid-cache | squid | 3.2.0.7 | |
squid-cache | squid | 3.2.0.8 | |
squid-cache | squid | 3.2.0.9 | |
squid-cache | squid | 3.2.0.10 | |
squid-cache | squid | 3.2.0.11 | |
squid-cache | squid | 3.3.0 | |
squid-cache | squid | 3.3.0.2 | |
squid-cache | squid | 3.3.0.3 | |
squid-cache | squid | 3.3.1 | |
squid-cache | squid | 3.3.2 | |
squid-cache | squid | 3.3.3 | |
squid-cache | squid | 3.3.4 | |
squid-cache | squid | 3.3.5 | |
squid-cache | squid | 3.3.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", matchCriteriaId: "DE554781-1EB9-446E-911F-6C11970C47F4", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", matchCriteriaId: "D806A17E-B8F9-466D-807D-3F1E77603DC8", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: false, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: false, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: false, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.", }, { lang: "es", value: "Desbordamiento de búfer en la función idnsALookup en dns_internal.cc en Squid v3.2 hasta v3.2.11 y v3.3 hasta v3.3.6, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria o 
finalización de servicio) a través de un nombre largo en una petición “DNS lookup”.", }, ], id: "CVE-2013-4115", lastModified: "2024-11-21T01:54:54.763", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-08-09T22:55:03.747", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54076", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54834", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: 
"http://secunia.com/advisories/54839", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/07/11/8", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/61111", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: 
"http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54076", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54834", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/07/11/8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/61111", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-11 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer, so memory adjacent to the buffer is decoded as well (an out-of-bounds read; this record classifies it as CWE-125). An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 29 | |
opensuse | leap | 15.0 | |
opensuse | leap | 15.1 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "2E2C5F7C-FADE-4A8C-8A7D-7597874B6C9A", versionEndExcluding: "2.7", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "61861774-A71F-48CB-B6B2-0489C57E4E66", versionEndIncluding: "4.7", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable1:*:*:*:*:*:*", matchCriteriaId: "01930746-6E15-445F-BD30-C4E83FA9AE25", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*", matchCriteriaId: "EFBB466C-C679-4B4B-87C2-E7853E5B3F04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*", matchCriteriaId: "3CF6E367-D33B-4B60-8C40-4618C47D53E8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*", matchCriteriaId: "0FA1F4FE-629C-4489-A13C-017A824C840F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*", matchCriteriaId: "2479C5BF-94E1-4153-9FA3-333BC00F01D6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*", matchCriteriaId: "8ABFCCCC-7584-466E-97CC-6EBD3934A70E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*", matchCriteriaId: "F17E49BF-FB11-4EE6-B6AC-30914F381B2F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { 
cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", matchCriteriaId: "D100F7CE-FC64-4CC6-852A-6136D72DA419", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", matchCriteriaId: "F1E78106-58E6-4D59-990F-75DA575BFAD9", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", matchCriteriaId: "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", matchCriteriaId: "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. 
uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.", }, { lang: "es", value: "Se detectó un problema en Squid versiones 2.x hasta 2.7.STABLE9, versiones 3.x hasta 3.5.28 y versiones 4.x hasta 4.7. Cuando Squid se configura para utilizar la autenticación básica, el encabezado Proxy-Authorization se analiza por medio de uudecode. uudecode determina cuántos bytes se descodificarán mediante la iteración sobre la entrada y comprobando su tabla. A continuación, la longitud se utiliza para empezar a decodificar la cadena. No hay comprobaciones para asegurarse de que la longitud que calcula no es mayor que el búfer de entrada. Esto conlleva a que la memoria adyacente esta siendo decodificada también. 
Un atacante no podría recuperar los datos descodificados a menos que el mantenedor de Squid haya configurado la visualización de nombres de usuario en las páginas de error.", }, ], id: "CVE-2019-12529", lastModified: "2024-11-21T04:23:02.987", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-11T19:15:13.157", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: 
"https://github.com/squid-cache/squid/commits/v4", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-2/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4065-2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2019/dsa-4507", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-03-09 22:15
Modified
2024-11-21 05:59
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as the unprivileged user "nobody".
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
debian | debian_linux | 10.0 | |
debian | debian_linux | 11.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "08C691FC-146C-47D0-8FAD-FA7C5A8A2800", versionEndIncluding: "4.14", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "ABD26F61-9933-44D9-9F99-5A4702D90A56", versionEndIncluding: "5.0.5", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.", }, { lang: "es", value: "Squid versiones hasta 4.14 y 5.xa 5.0.5, en algunas configuraciones, permite la divulgación de información debido a una lectura fuera de límites en los datos del protocolo WCCP. 
Esto puede ser aprovechado como parte de una cadena para la ejecución remota de código como nobody", }, ], id: "CVE-2021-28116", lastModified: "2024-11-21T05:59:06.753", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 1.4, source: "cve@mitre.org", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-03-09T22:15:12.880", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/10/04/1", }, { source: "cve@mitre.org", tags: [ "Product", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: 
"https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-14", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5171", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-157/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/10/04/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202105-14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5171", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third 
Party Advisory", "VDB Entry", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-157/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-04-28 10:06
Modified
2024-11-21 01:38
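Severity: MEDIUM (CVSS v2 base score 5, vector AV:N/AC:L/Au:N/C:P/I:N/A:N; NVD primary metric from the record below)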
Summary
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br. The record below carries the CVE tag "disputed"; when triaging, review any ACL in your own squid.conf that allows CONNECT based on the client-supplied Host header, since that configuration is the behavior the note describes.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 3.1.9 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [ { sourceIdentifier: "cve@mitre.org", tags: [ "disputed", ], }, ], descriptions: [ { lang: "en", value: "Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br", }, { lang: "es", value: "** EN DISPUTA ** Squid v3.1.9 permite a atacantes remotos evitar la configuración de acceso para el método CONNECT, proporcionando un nombre de host arbitrario en la cabecera 'host HTTP'. 
NOTA: este problema no puede ser reproducible, porque el investigador es incapaz de proporcionar un archivo squid.conf de un sistema vulnerable, y el comportamiento observado es consistente con un archivo squid.conf que fue (tal vez sin darse cuenta), diseñado para permitir el acceso basado en una expresión regular de ACL \"host req_header\" que coincide con www.uol.com.br.", }, ], id: "CVE-2012-2213", lastModified: "2024-11-21T01:38:43.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2012-04-28T10:06:13.273", references: [ { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html", }, { source: "cve@mitre.org", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-12-25 19:15
Modified
2024-11-21 07:23
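Severity: MEDIUM (CVSS v3.1 base score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N; NVD primary metric from the record below)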
Summary
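An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7. The summary names no fixed 4.x release; for that branch the references in the record below list a v4 changeset (SQUID-2022_1.patch), and the advisory links tagged "Mitigation" are the place to look for interim measures.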
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "12D3C02F-A954-4850-BF8E-B1C57531AD1E", versionEndIncluding: "4.17", versionStartIncluding: "4.9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "0AA329B0-3111-4416-A9F0-32ED782323ED", versionEndExcluding: "5.7", versionStartIncluding: "5.0.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.", }, { lang: "es", value: "Se descubrió un problema en Squid 4.9 a 4.17 y 5.0.6 a 5.6. Debido al manejo inconsistente de los URI internos, puede haber exposición de información confidencial sobre los clientes que usan el proxy a través de una solicitud HTTPS a una URL del administrador de caché interno. 
Esto se solucionó en 5.7.", }, ], id: "CVE-2022-41317", lastModified: "2024-11-21T07:23:02.073", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-12-25T19:15:10.767", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/09/23/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2022/09/23/1", }, ], sourceIdentifier: 
"cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-697", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-27 13:15
Modified
2024-11-21 06:06
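Severity: MEDIUM (CVSS v3.1 base score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H; CVSS v2 base score 4, vector AV:N/AC:L/Au:S/C:N/I:N/A:P; NVD primary metrics from the record below)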
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 | |
netapp | cloud_manager | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "32AC0EE8-444B-447A-98E9-C22F82A6203C", versionEndExcluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "68801A75-0B13-444A-B88F-8BDD4EE953D3", versionEndExcluding: "5.0.6", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. 
Debido a un bug de administración de la memoria, es vulnerable a un ataque de Denegación de Servicio (contra todos los clientes que usan el proxy) por medio del procesamiento de peticiones HTTP Range", }, ], id: "CVE-2021-31806", lastModified: "2024-11-21T06:06:15.823", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-27T13:15:08.270", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party 
Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-116", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:16
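Severity: MEDIUM (CVSS v2 base score 6.4, vector AV:N/AC:L/Au:N/C:P/I:N/A:P; NVD primary metric from the record below)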
Summary
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*", matchCriteriaId: "0B1C288F-326B-497B-B26C-D26E01262DDB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", matchCriteriaId: "49A63F39-30BE-443F-AF10-6245587D3359", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: 
"41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: "ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: 
"6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", 
matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", 
matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: 
"1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*", matchCriteriaId: "5332A8F5-8F97-465B-AF24-2FEF0B055006", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*", matchCriteriaId: "6567D19B-DF18-4C52-984A-591524A83AD5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*", matchCriteriaId: 
"06832CD3-C761-4941-AFAB-822477C568F6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.", }, { lang: "es", value: "El módulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener información sensible o causar una denegación de servicio (caída) a través de un tamaño de paquete (1) ICMP o (2) ICMP6 manipulado.", }, ], id: "CVE-2014-7142", lastModified: "2024-11-21T02:16:24.693", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-11-26T15:59:04.950", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2014/q3/539", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2014/q3/613", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2014/q3/626", }, { source: "cve@mitre.org", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/60242", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: 
"http://ubuntu.com/usn/usn-2422-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/70022", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2014/q3/539", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2014/q3/613", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://seclists.org/oss-sec/2014/q3/626", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Third Party Advisory", ], url: "http://secunia.com/advisories/60242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://ubuntu.com/usn/usn-2422-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/70022", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue 
Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-25 14:59
Modified
2024-11-21 02:51
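Severity: 8.8 HIGH (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H); 6.8 MEDIUM (CVSS 2.0, AV:N/AC:M/Au:N/C:P/I:P/A:P). Both NVD vectors mark user interaction as required.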
Summary
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
References
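Impacted products (the CPE list below is enumerated per version and is not contiguous: it goes from 3.4.4.2 straight to 3.4.8, although the summary's range "3.x before 3.5.17" also covers 3.4.5–3.4.7; when checking an inventory, compare the installed version against the fixed releases 3.5.17 / 4.0.9 rather than relying on exact CPE matches alone)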
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*", matchCriteriaId: "CC7A498A-A669-4C42-8134-86103C799D13", vulnerable: true, }, { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*", matchCriteriaId: "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*", matchCriteriaId: "C3DCC264-510E-43D1-9C13-99CEA54C7940", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*", matchCriteriaId: "ED31C038-4142-4C2C-B540-9223C5C199FB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*", matchCriteriaId: "177060A9-6211-4B6D-96BE-48B4BD1FAFEE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*", matchCriteriaId: "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*", matchCriteriaId: "50327E36-756E-434D-804D-1E44A4ABAE1F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*", matchCriteriaId: "3AE100C3-0245-4305-B514-77D0572C2947", vulnerable: 
true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*", matchCriteriaId: "35C30CB9-FA3A-408D-A8B0-8805E75657BE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, 
}, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, 
{ criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*", matchCriteriaId: "0B218819-0975-4E1F-8F6C-D666655937B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*", matchCriteriaId: "594A05FF-E5D2-4132-BF03-44D6866D8133", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*", matchCriteriaId: "3B22C192-02F2-4AD4-A305-BADCC09E8075", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { 
criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: "ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { 
criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, 
}, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*", matchCriteriaId: "76245991-1D91-4475-87E1-FBB77A1B3CDF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*", matchCriteriaId: "1BBC5AAD-34E1-48A5-972A-A09D66EFE825", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*", matchCriteriaId: "79E26DC8-1030-4F3F-96B9-6BF159D86FCE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*", matchCriteriaId: "3441D193-DA62-4AC1-8E50-3AEEF8C659F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: "21E9E155-FC6F-46E7-8BF7-65DF097409D3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "26A3F10F-938E-44D6-845D-B66EF9812C21", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*", matchCriteriaId: "B1D82EEE-F65E-4657-B0F7-6CE33D219134", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "C9E6A845-B67C-4112-8240-9F61D6AF3B0D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*", matchCriteriaId: "4BEDD7E3-E263-4A09-9C11-3E008E01BC28", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*", matchCriteriaId: "80E3FF16-A6CD-456C-B58A-381A75D8616C", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*", matchCriteriaId: "87D02AB2-AA26-4416-B689-02C5EEF2099C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*", matchCriteriaId: "A134E1F1-AFCC-498B-8840-5884CF858769", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*", matchCriteriaId: "D5F4E7D0-B6F4-476E-A011-55619E91A3B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*", matchCriteriaId: "95588755-27E8-4DB7-B865-A784D3638FE8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*", matchCriteriaId: "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", matchCriteriaId: "0F90E11F-FC03-46D9-A9C4-A578196D59D8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*", matchCriteriaId: "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*", matchCriteriaId: "EBEE374C-365E-49DE-A9F9-6083044C774D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.", }, { lang: "es", value: "Desbordamiento de buffer en cachemgr.cgi en Squid 2.x, 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 podría permitir a atacantes remotos provocar una denegación de servicio o ejecutar código arbitrario sembrando informes manager con datos manipulados.", }, ], id: "CVE-2016-4051", lastModified: "2024-11-21T02:51:14.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-25T14:59:02.267", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: 
"cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/86788", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035646", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/86788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/91787", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-27 05:59
Modified
2024-11-21 02:48
Severity ?
Summary
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*", matchCriteriaId: "ED54A2B3-6D36-4016-9BF1-83FAD500103F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*", matchCriteriaId: "C4F368E3-88A6-463C-AA18-8FA1B9E35A84", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*", matchCriteriaId: "1451771E-F456-4631-89C8-0A49F4C8F03B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*", matchCriteriaId: "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*", matchCriteriaId: "E746946A-2D07-402B-A071-9B674F6FEA75", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*", matchCriteriaId: "6B1A697B-3777-492F-BA53-0BA7A9934C03", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*", matchCriteriaId: "1C579925-591E-4BD7-A888-B8D2B0228D34", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: 
"86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: 
"B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", 
matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: 
"679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", 
matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", 
matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: 
"4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: 
"5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: 
"74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.", }, { lang: "es", value: "Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no añade datos a objetos String adecuadamente, lo que permite a servidores remotos provocar una denegación de servicio (error de aserción y salida de demonio) a través de una cadena larga, según lo demostrado por una cabecera HTTP Vary manipulada.", }, ], id: "CVE-2016-2569", lastModified: "2024-11-21T02:48:43.297", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: 
"HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-27T05:59:03.843", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035101", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3557-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3557-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-27 14:15
Modified
2024-11-21 06:06
Severity: 6.5 Medium (NVD, CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * (before 4.15) | |
squid-cache | squid | * (from 5.0 up to, but excluding, 5.0.6) | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
netapp | cloud_manager | - | |
fedoraproject | fedora | 33 | |
fedoraproject | fedora | 34 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "32AC0EE8-444B-447A-98E9-C22F82A6203C", versionEndExcluding: "4.15", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "68801A75-0B13-444A-B88F-8BDD4EE953D3", versionEndExcluding: "5.0.6", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*", matchCriteriaId: "197D0D80-6702-4B61-B681-AFDBA7D69067", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", matchCriteriaId: "E460AA51-FCDA-46B9-AE97-E6676AA5E194", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6. Debido a un bug de comprobación de entrada, es vulnerable a ataques de Denegación de Servicio (contra todos los clientes que usan el proxy). 
Un cliente envía una petición HTTP Range para desencadenar esto", }, ], id: "CVE-2021-31808", lastModified: "2024-11-21T06:06:16.153", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-27T14:15:07.500", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "cve@mitre.org", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "cve@mitre.org", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { 
source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-15 19:15
Modified
2024-11-21 04:23
Severity: 4.5 Medium (NVD, CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
Summary
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. Because a process whose saved set-user-ID is 0 is still permitted to switch its effective UID back to 0, the privilege drop is not permanent. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * (through 4.7) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A5584C95-5CB1-4D45-8C05-633746AE2AB4", versionEndIncluding: "4.7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.", }, { lang: "es", value: "Se detectó un problema en Squid versiones hasta 4.7. Cuando Squid se ejecuta como root, genera sus procesos hijos como un usuario menor, por defecto el usuario nobody. Esto se realiza por medio de la llamada de leave_suid. leave_suid deja el UID Guardado como 0. Esto hace que sea trivial para un atacante que ha comprometido el proceso hijo escalar sus privilegios de nuevo a root.", }, ], id: "CVE-2019-12522", lastModified: "2024-11-21T04:23:01.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.4, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-15T19:15:12.473", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-01-27 17:59
Modified
2024-11-21 02:43
Severity ?
Summary
Incorrect processing of responses to If-None-Modified [sic; the standard HTTP conditional request headers are If-Modified-Since and If-None-Match] HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*", matchCriteriaId: "290D66F4-D27F-4E86-AC95-05082F3C2E36", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*", matchCriteriaId: "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*", matchCriteriaId: "ABBA9A61-2B05-4527-A49D-425AD5FD863B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*", matchCriteriaId: "E893D7A8-9C39-438C-8EF2-9573EEDC884A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*", matchCriteriaId: "0B707451-BF0E-4F79-A348-B1141ABA6EF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*", matchCriteriaId: "810AAA9D-F4B2-4F0A-89DD-2D9378516481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*", matchCriteriaId: "516F3F77-3AEA-489D-A36F-C502B4D9BF01", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.1.23:*:*:*:*:*:*:*", matchCriteriaId: "FE91484C-3E8A-449C-A95D-DFA088D8D1B9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", 
matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", 
matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.14:*:*:*:*:*:*:*", matchCriteriaId: "B421E821-CB87-4B65-AD64-102C3628DBF9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "A7A83183-74B1-4041-A961-D9F382AAC7E5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { 
criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*", matchCriteriaId: "76245991-1D91-4475-87E1-FBB77A1B3CDF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "7DA3A67C-A764-4D7B-B795-7E6B05879E21", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: 
"3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*", matchCriteriaId: "5332A8F5-8F97-465B-AF24-2FEF0B055006", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*", matchCriteriaId: "6567D19B-DF18-4C52-984A-591524A83AD5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*", matchCriteriaId: "06832CD3-C761-4941-AFAB-822477C568F6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*", matchCriteriaId: "3441D193-DA62-4AC1-8E50-3AEEF8C659F3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: "21E9E155-FC6F-46E7-8BF7-65DF097409D3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "26A3F10F-938E-44D6-845D-B66EF9812C21", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*", matchCriteriaId: "B1D82EEE-F65E-4657-B0F7-6CE33D219134", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "C9E6A845-B67C-4112-8240-9F61D6AF3B0D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*", matchCriteriaId: "4BEDD7E3-E263-4A09-9C11-3E008E01BC28", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*", matchCriteriaId: "80E3FF16-A6CD-456C-B58A-381A75D8616C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*", matchCriteriaId: "87D02AB2-AA26-4416-B689-02C5EEF2099C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*", matchCriteriaId: "A134E1F1-AFCC-498B-8840-5884CF858769", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*", matchCriteriaId: "D5F4E7D0-B6F4-476E-A011-55619E91A3B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*", matchCriteriaId: "95588755-27E8-4DB7-B865-A784D3638FE8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*", matchCriteriaId: "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", matchCriteriaId: "0F90E11F-FC03-46D9-A9C4-A578196D59D8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*", matchCriteriaId: "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.17:*:*:*:*:*:*:*", matchCriteriaId: "CA0BDDAD-2912-480F-8911-8FF94E1A7415", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.18:*:*:*:*:*:*:*", matchCriteriaId: "275C4ED9-0C69-4CFD-9C1D-D734731DD940", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.19:*:*:*:*:*:*:*", matchCriteriaId: "647A80E8-9AA4-41B4-B2F2-9D07D839DFEC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.20:*:*:*:*:*:*:*", matchCriteriaId: "CC3EDC70-9DE3-454E-A90D-7D4A4C082517", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.21:*:*:*:*:*:*:*", matchCriteriaId: "8E397BA5-4FA4-402F-BFCC-9077ED93C438", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.22:*:*:*:*:*:*:*", matchCriteriaId: "4649C5C3-7371-4B92-9E06-73AE4CF39685", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: 
"DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*", matchCriteriaId: "EBEE374C-365E-49DE-A9F9-6083044C774D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*", matchCriteriaId: "1B6B2A8E-DD81-43CD-9F5B-E8F87498E513", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.10:*:*:*:*:*:*:*", matchCriteriaId: "179ACC3B-D8C8-4CE2-964F-CBF29BBB066A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.11:*:*:*:*:*:*:*", matchCriteriaId: "252E5ABE-5113-4987-931E-16B69C4CE424", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.12:*:*:*:*:*:*:*", matchCriteriaId: "9285C454-7F60-4AEA-A134-124C1E0745FC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.13:*:*:*:*:*:*:*", matchCriteriaId: "2F753944-8EC0-4CE5-98E5-71798F9EC663", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.14:*:*:*:*:*:*:*", matchCriteriaId: "F1BD3131-D4F3-4B29-9408-754B6190DAEE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.15:*:*:*:*:*:*:*", matchCriteriaId: "3F00481A-5E3B-45A1-A2A5-56E63F91C834", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.16:*:*:*:*:*:*:*", matchCriteriaId: "217AB656-D70C-4009-8797-C58002FDB6C0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: 
"Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.", }, { lang: "es", value: "Procesamiento incorrecto de respuestas a peticiones condicionales If-None-Modified HTTP en Squid HTTP Proxy 3.1.10 hasta la versión 3.1.23, 3.2.0.3 hasta la versión 3.5.22 y 4.0.1 hasta la versión 4.0.16 conduce a que datos Cookie de un cliente específico sean filtrados a otros clientes. Peticiones de ataque pueden ser fácilmente manipuladas por un cliente para probar una memoria caché para esta información.", }, ], id: "CVE-2016-10002", lastModified: "2024-11-21T02:43:04.293", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-01-27T17:59:00.133", references: [ { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2017-0182.html", }, { source: "cve@mitre.org", url: 
"http://rhn.redhat.com/errata/RHSA-2017-0183.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3745", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94953", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037513", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2017-0182.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2017-0183.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2016/dsa-3745", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/94953", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1037513", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-14 18:15
Modified
2024-11-21 08:36
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform a Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | 2.6 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "1137E216-6CAB-4EFD-9678-AF3BD48B1FA5", versionEndIncluding: "5.9", versionStartIncluding: "3.1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "C0CBB040-FF79-4CD5-B749-A50ADAD82571", versionEndIncluding: "6.5", versionStartIncluding: "6.0.1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*", matchCriteriaId: "3AE100C3-0245-4305-B514-77D0572C2947", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:-:*:*:*:*:*:*", matchCriteriaId: "A4E50120-7298-4BC5-AC36-708EFCCFA1F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable1:*:*:*:*:*:*", matchCriteriaId: "01930746-6E15-445F-BD30-C4E83FA9AE25", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*", matchCriteriaId: "EFBB466C-C679-4B4B-87C2-E7853E5B3F04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*", matchCriteriaId: "3CF6E367-D33B-4B60-8C40-4618C47D53E8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*", matchCriteriaId: "0FA1F4FE-629C-4489-A13C-017A824C840F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*", matchCriteriaId: "2479C5BF-94E1-4153-9FA3-333BC00F01D6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*", matchCriteriaId: "8ABFCCCC-7584-466E-97CC-6EBD3934A70E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*", matchCriteriaId: "F17E49BF-FB11-4EE6-B6AC-30914F381B2F", 
vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché para la Web. Debido a un error de recursión no controlada en las versiones 2.6 a 2.7.STABLE9, versiones 3.1 a 5.9 y versiones 6.0.1 a 6.5, Squid puede ser vulnerable a un ataque de denegación de servicio contra el análisis de solicitudes HTTP. Este problema permite que un cliente remoto realice un ataque de denegación de servicio enviando un encabezado X-Forwarded-For grande cuando la función follow_x_forwarded_for está configurada. Este error se solucionó con la versión 6.6 de Squid. 
Además, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid.", }, ], id: "CVE-2023-50269", lastModified: "2024-11-21T08:36:47.383", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-14T18:15:45.070", references: [ { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch", }, { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3", }, { source: "security-advisories@github.com", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "security-advisories@github.com", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20240119-0005/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240119-0005/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "security-advisories@github.com", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-16 19:14
Modified
2024-11-21 01:54
Severity ?
Summary
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in an HTTP Host header.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", 
vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: 
"2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: 
"78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.", }, { lang: "es", value: "client_side_request.cc en Squid 3.2.x anteriores a 3.2.13 y 3.3.x anteriores a 3.3.8 permite a un atacante remoto causar una denegación de servicio a través de un número de puerto manipulado en una cabecera HTTP Host.", }, ], id: "CVE-2013-4123", lastModified: "2024-11-21T01:54:55.660", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-16T19:14:38.397", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54142", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/54834", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch", }, { source: "secalert@redhat.com", url: 
"http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/54142", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/54834", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-12-18 01:15
Severity ?
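9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N (source: secalert@redhat.com, Secondary; the nvd@nist.gov Primary score in the record below is 5.3)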
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform request/response smuggling past firewall and frontend security systems.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
redhat | enterprise_linux_eus | 8.6 | |
redhat | enterprise_linux_eus | 8.8 | |
redhat | enterprise_linux_eus | 9.0 | |
redhat | enterprise_linux_eus | 9.2 | |
redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | |
redhat | enterprise_linux_server_aus | 8.2 | |
redhat | enterprise_linux_server_aus | 8.4 | |
redhat | enterprise_linux_server_aus | 8.6 | |
redhat | enterprise_linux_server_aus | 9.2 | |
redhat | enterprise_linux_server_tus | 8.2 | |
redhat | enterprise_linux_server_tus | 8.4 | |
redhat | enterprise_linux_server_tus | 8.6 | |
redhat | enterprise_linux_server_tus | 8.8 | |
redhat | enterprise_linux_server_tus | 9.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "D68B5D22-7802-4AA1-9835-97208C2DF9BD", versionEndExcluding: "6.4", versionStartIncluding: "2.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", 
vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "647A34CD-AB8C-44DD-8FD7-03315633FF1B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.", }, { lang: "es", value: "SQUID es vulnerable al contrabando de solicitudes HTTP, causado por la indulgencia de los decodificadores fragmentados, lo que permite a un atacante remoto realizar el contrabando de solicitudes/respuestas a través del firewall y los sistemas de seguridad frontales.", }, ], id: "CVE-2023-46846", lastModified: "2024-12-18T01:15:06.010", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "LOW", 
privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-03T08:15:07.953", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { source: "secalert@redhat.com", url: "https://access.redhat.com/errata/RHSA-2024:11049", }, { source: 
"secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46846", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245910", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46846", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=2245910", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20231130-0002/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-444", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-444", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-09-30 22:55
Modified
2024-11-21 01:50
Severity ?
Summary
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 3.2.0.1 | |
squid-cache | squid | 3.2.0.2 | |
squid-cache | squid | 3.2.0.3 | |
squid-cache | squid | 3.2.0.4 | |
squid-cache | squid | 3.2.0.5 | |
squid-cache | squid | 3.2.0.6 | |
squid-cache | squid | 3.2.0.7 | |
squid-cache | squid | 3.2.0.8 | |
squid-cache | squid | 3.2.0.9 | |
squid-cache | squid | 3.2.0.10 | |
squid-cache | squid | 3.2.0.11 | |
squid-cache | squid | 3.2.0.12 | |
squid-cache | squid | 3.2.0.13 | |
squid-cache | squid | 3.2.0.14 | |
squid-cache | squid | 3.2.0.15 | |
squid-cache | squid | 3.2.0.16 | |
squid-cache | squid | 3.2.0.17 | |
squid-cache | squid | 3.2.0.18 | |
squid-cache | squid | 3.2.0.19 | |
squid-cache | squid | 3.2.1 | |
squid-cache | squid | 3.2.2 | |
squid-cache | squid | 3.2.3 | |
squid-cache | squid | 3.2.4 | |
squid-cache | squid | 3.2.5 | |
squid-cache | squid | 3.2.6 | |
squid-cache | squid | 3.2.7 | |
squid-cache | squid | 3.2.8 | |
squid-cache | squid | 3.3.0 | |
squid-cache | squid | 3.3.0.2 | |
squid-cache | squid | 3.3.0.3 | |
squid-cache | squid | 3.3.1 | |
squid-cache | squid | 3.3.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: 
"17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: 
"728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a \",\" character in an Accept-Language header.", }, { lang: "es", value: "La función strHdrAcptLangGetItem en errorpage.cc de Squid 3.2.x (anteriores a 3.2.9) y 3.3.x (anteriores a 3.3.3) permite a un atacante remoto causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un caracter \",\" en la cabecera Accept-Language.", }, ], id: "CVE-2013-1839", lastModified: "2024-11-21T01:50:29.613", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-09-30T22:55:04.633", references: [ { source: "secalert@redhat.com", url: 
"http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html", }, { source: "secalert@redhat.com", url: "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52588", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/03/11/7", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/58316", }, { source: "secalert@redhat.com", url: "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/52588", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/03/11/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/58316", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-02-27 05:59
Modified
2024-11-21 02:48
Severity ?
Summary
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | 4.0.1 | |
squid-cache | squid | 4.0.2 | |
squid-cache | squid | 4.0.3 | |
squid-cache | squid | 4.0.4 | |
squid-cache | squid | 4.0.5 | |
squid-cache | squid | 4.0.6 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.", }, { lang: "es", value: "http.cc en Squid 4.x en versiones anteriores a 4.0.7 confía en el código de estado HTTP después de un fallo de respuesta de análisis, lo que permite a servidores HTTP remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de una respuesta mal formada.", }, ], id: "CVE-2016-2572", lastModified: "2024-11-21T02:48:43.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, 
obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-02-27T05:59:06.797", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035101", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035101", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-04 23:15
Modified
2024-11-21 08:33
Severity ?
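8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H (source: security-advisories@github.com, Secondary; the nvd@nist.gov Primary score in the record below is 7.5)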
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug, Squid is vulnerable to a denial-of-service attack against its helper process management. This bug is fixed in Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "64A6EFAB-804C-4B6B-B609-2F5A797EACB0", versionEndIncluding: "6.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, { lang: "es", value: "Squid es un proxy de almacenamiento en caché para la Web que admite HTTP, HTTPS, FTP y más. Debido a un error de verificación incorrecta del valor de retorno de la función, Squid es vulnerable a un ataque de denegación de servicio contra su gestión de procesos auxiliares. Este error se solucionó con la versión 6.5 de Squid. Se recomienda a los usuarios que actualicen. 
No se conocen workarounds para esta vulnerabilidad.", }, ], id: "CVE-2023-49286", lastModified: "2024-11-21T08:33:11.347", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-04T23:15:27.243", references: [ { source: "security-advisories@github.com", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", }, { source: "security-advisories@github.com", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "security-advisories@github.com", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "security-advisories@github.com", url: "https://security.netapp.com/advisory/ntap-20240119-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240119-0004/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-253", }, { lang: "en", value: "CWE-617", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-617", }, { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:33
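Severity
Medium: CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2 base score 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N). Both scores are from nvd@nist.gov in the record below.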
Summary
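An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to. The affected-version configuration in this record additionally lists Squid 2.0 through 2.7 as vulnerable, so 2.x deployments that use append_domain should be treated as in scope as well.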
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
squid-cache | squid | 2.7 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.04 | |
canonical | ubuntu_linux | 19.10 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "466DF174-7C87-4D0E-B10D-F3F88014D9F5", versionEndIncluding: "2.7", versionStartIncluding: "2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A278895E-7005-4F4B-8649-A013F60E33D4", versionEndIncluding: "4.8", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*", matchCriteriaId: "EFBB466C-C679-4B4B-87C2-E7853E5B3F04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", matchCriteriaId: "A03692DD-779F-4E3C-861C-29943870A816", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", matchCriteriaId: "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*", matchCriteriaId: "3CF6E367-D33B-4B60-8C40-4618C47D53E8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*", matchCriteriaId: "0FA1F4FE-629C-4489-A13C-017A824C840F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*", matchCriteriaId: "2479C5BF-94E1-4153-9FA3-333BC00F01D6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*", matchCriteriaId: "8ABFCCCC-7584-466E-97CC-6EBD3934A70E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*", matchCriteriaId: "F17E49BF-FB11-4EE6-B6AC-30914F381B2F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: 
true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", matchCriteriaId: "CD783B0C-9246-47D9-A937-6144FE8BFF0F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.", }, { lang: "es", value: "Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8 cuando la configuración append_domain es usada (porque los caracteres añadidos no interactúan apropiadamente con las restricciones de longitud del nombre de host). 
Debido a un procesamiento incorrecto del mensaje, puede redireccionar inapropiadamente el tráfico a los orígenes a los que no debe ser enviado.", }, ], id: "CVE-2019-18677", lastModified: "2024-11-21T04:33:30.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-11-26T17:15:12.923", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156328", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/427", 
}, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { source: "cve@mitre.org", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "cve@mitre.org", url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156328", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4213-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-09-11 18:55
Modified
2024-11-21 02:08
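Severity
Medium: CVSS v2 base score 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P), from nvd@nist.gov in the record below; the record carries no CVSS v3 metric.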
Summary
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: "B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: 
"7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: 
"5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: "679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: 
"5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", 
matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: 
"9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: "4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: 
"F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: "5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*", matchCriteriaId: "5332A8F5-8F97-465B-AF24-2FEF0B055006", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"", }, { lang: "es", value: "HttpHdrRange.cc en Squid 3.x anterior a 3.3.12 y 3.4.x anterior a 3.4.6 permite a atacantes remotos causar una denegación de servicio (caída) a través de una solicitud con ' cabeceras de rango con valores de rango de bytes no identificables' manipuladas.", }, ], id: "CVE-2014-3609", lastModified: "2024-11-21T02:08:29.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-09-11T18:55:05.150", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html", }, { source: 
"secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html", }, { source: "secalert@redhat.com", url: "http://rhn.redhat.com/errata/RHSA-2014-1147.html", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/60179", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/60334", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/61320", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/61412", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2014/dsa-3014", }, { source: "secalert@redhat.com", url: "http://www.debian.org/security/2015/dsa-3139", }, { source: "secalert@redhat.com", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/69453", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", }, { source: "secalert@redhat.com", url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.ubuntu.com/usn/USN-2327-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2014-1147.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/60179", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/60334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/61320", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"http://secunia.com/advisories/61412", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2014/dsa-3014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2015/dsa-3139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/69453", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.ubuntu.com/usn/USN-2327-1", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-07 18:59
Modified
2024-11-21 02:51
Severity ?
Summary
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", matchCriteriaId: "62B9F669-6217-498A-902E-22EDEEFC565E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*", matchCriteriaId: "ED54A2B3-6D36-4016-9BF1-83FAD500103F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*", matchCriteriaId: "C4F368E3-88A6-463C-AA18-8FA1B9E35A84", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*", matchCriteriaId: "1451771E-F456-4631-89C8-0A49F4C8F03B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*", matchCriteriaId: "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*", matchCriteriaId: "E746946A-2D07-402B-A071-9B674F6FEA75", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*", matchCriteriaId: "6B1A697B-3777-492F-BA53-0BA7A9934C03", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*", matchCriteriaId: "1C579925-591E-4BD7-A888-B8D2B0228D34", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*", matchCriteriaId: "131C4C00-3811-42BF-A84A-EB2E5DA156B4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*", matchCriteriaId: "047EDDD6-02F5-4B53-8FCA-781962392080", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*", matchCriteriaId: "01AD43AB-40BF-449F-A121-A8587E7AE449", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*", matchCriteriaId: "3942285D-E20C-45C5-9EF8-821F6D782CB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*", matchCriteriaId: "B3FDB45B-4D91-4427-9565-812919086E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*", matchCriteriaId: 
"86C3C8B5-C2A3-4454-9F89-38A860278366", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*", matchCriteriaId: "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*", matchCriteriaId: "056EDEEE-A09C-47A2-9217-72E4B8387E00", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*", matchCriteriaId: "2593CB12-03E2-4F98-9B89-C09D5EADE077", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*", matchCriteriaId: "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*", matchCriteriaId: "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*", matchCriteriaId: "042FE60B-7239-45C7-8EE3-A036AC7778F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*", matchCriteriaId: "FF5EE89A-720F-456A-BD26-FE46BBA29D9A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*", matchCriteriaId: "ADF61A74-9CF9-413E-B997-4FAE5BA28939", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*", matchCriteriaId: "5605B00F-438B-45CC-A55D-E75E57BC4684", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*", matchCriteriaId: "8316B22E-B016-4F0E-9A3F-383E9B1A85A4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*", matchCriteriaId: "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*", matchCriteriaId: "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*", matchCriteriaId: "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B", vulnerable: true, }, { criteria: 
"cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*", matchCriteriaId: "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*", matchCriteriaId: "113EF7A6-3B8D-4A50-8873-FD36FCBF284C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*", matchCriteriaId: "DC97E2DA-7378-486B-9178-3B38FF58589B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*", matchCriteriaId: "1F178890-2F7E-43F5-8D6D-5EFCD790E758", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*", matchCriteriaId: "9FA231EB-0F06-4D13-B50D-76FC8393187A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*", matchCriteriaId: "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*", matchCriteriaId: "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*", matchCriteriaId: "72023FB9-F081-4F0A-9E81-2AF0470EB278", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*", matchCriteriaId: "2F7D973B-9D57-4F74-89B1-A18CDA388EF4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*", matchCriteriaId: "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*", matchCriteriaId: "802E3D2B-90B7-4725-854F-4174116BC314", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*", matchCriteriaId: "7501697A-BCFD-4DC3-8D87-CC9A186D9589", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*", matchCriteriaId: "0D6C4455-85F4-462D-9FF6-F830ED7D398E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*", matchCriteriaId: 
"B600BF4C-8169-4086-BFE6-F066BE5F5406", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*", matchCriteriaId: "46272D1B-1468-48C0-B37A-7D06FAC39C47", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*", matchCriteriaId: "DA782B4B-486F-4197-BD5D-ABF791D57211", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*", matchCriteriaId: "558D8641-E097-4D91-9B6E-07433844BB82", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*", matchCriteriaId: "0B46F5F1-38FC-4E25-8F04-CA2730561DF8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*", matchCriteriaId: "C69B0A4D-9619-4BEA-A846-C4438C2660F2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*", matchCriteriaId: "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*", matchCriteriaId: "78A50750-3A31-482C-B95C-019C8934850E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*", matchCriteriaId: "8FF6AC30-9570-4D4B-835E-CCADEB546F46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*", matchCriteriaId: "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*", matchCriteriaId: "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*", matchCriteriaId: "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*", matchCriteriaId: "25B60DB2-F50C-42F0-B6C9-B25C34B8F578", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*", matchCriteriaId: "DE973F9E-8387-464F-AFA0-25215B340173", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*", 
matchCriteriaId: "03D3F0E3-0C50-4A86-87F4-90FC82B312F5", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "CE26BEC0-B9C7-43F0-B0FB-E81870170B29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "D0778579-A193-4C61-BB1A-6D2E733F3958", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*", matchCriteriaId: "E3AB229E-2C32-410B-BFE2-62DCA734C3F3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*", matchCriteriaId: "78A6D6B0-9BC0-418E-84EE-23697A0FEC19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*", matchCriteriaId: "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*", matchCriteriaId: "41914354-D5BE-4B1F-BED3-0ECA43586537", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*", matchCriteriaId: "AE9A3716-8670-4847-A6EB-F601184D369E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*", matchCriteriaId: "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*", matchCriteriaId: "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*", matchCriteriaId: 
"679A55F8-34B4-435A-8BCE-8F842F3FB269", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*", matchCriteriaId: "898674F9-6BF7-469F-A74E-558EAFC2CD27", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*", matchCriteriaId: "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*", matchCriteriaId: "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*", matchCriteriaId: "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5BA593D9-907D-4051-A3F2-0F88F01A7C79", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*", matchCriteriaId: "20D2B364-B98A-4484-A10A-86AF43774096", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*", matchCriteriaId: "0B7BF076-0D43-407A-86DC-D1163922A787", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*", matchCriteriaId: "AA576F49-A7F5-4013-89DF-F6C91C15B547", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*", matchCriteriaId: "5D3F52FE-FFB3-4221-8DC7-3F5680A07429", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*", matchCriteriaId: "604FEF42-ABA7-42C1-8A5F-C3AECFD68481", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*", matchCriteriaId: "DC2568C1-89CB-41C1-9126-A8665614D0B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*", matchCriteriaId: "C18B5392-3FDB-49E6-89DB-7945D337FBFB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*", matchCriteriaId: "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*", 
matchCriteriaId: "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*", matchCriteriaId: "16F5794B-BBFB-4B12-9A0B-88A0334681C7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*", matchCriteriaId: "17D0083E-8D50-4DC6-979F-685D5CB588AF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*", matchCriteriaId: "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*", matchCriteriaId: "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*", matchCriteriaId: "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*", matchCriteriaId: "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*", matchCriteriaId: "A73CBC60-1EF1-4730-9350-EB51F269695B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2721E403-A553-492F-897F-1CD1E2685139", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*", matchCriteriaId: "85B091C4-8104-4A1E-A09D-EBCD114DC829", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*", matchCriteriaId: "BE4B8448-49FA-491C-A6A2-040233D670B1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*", matchCriteriaId: "11480BB1-874C-48EB-BB03-081313310608", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*", matchCriteriaId: "1B739890-99E8-434C-97D4-3739E6C31838", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*", 
matchCriteriaId: "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*", matchCriteriaId: "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*", matchCriteriaId: "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*", matchCriteriaId: "9A2B9699-6622-4883-BA03-E3374C54871A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*", matchCriteriaId: "78391DAF-2096-4DC4-80E4-D4D2859DCA32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*", matchCriteriaId: "9B062A06-31C1-4B23-B7BD-9F751ABD6A37", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*", matchCriteriaId: "DE426934-A9E2-4019-99EA-5A76EA7CDF5C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*", matchCriteriaId: "728DD64E-C267-475A-BEA8-C139581DD7A7", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "7F4845D4-40D9-431E-A63C-E949B9D9F959", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "9EF070E6-0B73-4F6D-8932-B284697FCD2E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "6E07992B-92B4-4307-8DBD-085376C1D6DD", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*", matchCriteriaId: "386550A3-A55B-4F24-9625-6A50260ADA72", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*", matchCriteriaId: "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*", matchCriteriaId: 
"4673327A-1E50-47CC-AD83-6A3D2E687292", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*", matchCriteriaId: "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*", matchCriteriaId: "E9F75D13-ED59-42A9-A662-AC77DBA20903", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*", matchCriteriaId: "1D2DEDED-818C-42E4-821C-954CE7406DA8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*", matchCriteriaId: "EEED0A2E-AA5D-4835-A7C6-499325A0EB32", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*", matchCriteriaId: "BEDD0AF5-8252-4548-941B-26581393E918", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*", matchCriteriaId: "3E939AD4-B8F3-4BC0-9948-3C92B88D2593", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*", matchCriteriaId: "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*", matchCriteriaId: "87259A2E-E132-45BA-8AC4-8CC50B1F659A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "E983C5C3-C93C-4750-8DC5-31D6206335A8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "F03B2A6E-1D63-42F2-BB31-18EC120B6543", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*", matchCriteriaId: "3BC83C4B-7C06-40D7-9EF6-76E752E5724B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*", matchCriteriaId: 
"5C1E1CC9-81A7-47D5-87AC-86703E257D29", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*", matchCriteriaId: "D716D8C4-2089-4E61-9487-B2085B74B5BF", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*", matchCriteriaId: "40507A48-FD3B-4309-B017-A1644C5C3520", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*", matchCriteriaId: "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*", matchCriteriaId: "7A52E699-6C08-4324-AD38-E8D40A02701F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*", matchCriteriaId: "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*", matchCriteriaId: "C398219E-503D-4DE5-85E8-5570536D6FB9", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*", matchCriteriaId: "BBF91088-0BD3-48EB-8D19-C05F156D4A19", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E0868B12-EDF9-42D9-BB43-15F623A3310B", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*", matchCriteriaId: "F710949D-F0FE-43F4-ADB3-6EB679A70280", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DCB75144-2437-40A8-8CA3-A487B603F7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*", matchCriteriaId: "705D8320-A278-483A-AE47-802044CE685E", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*", matchCriteriaId: "715634E1-F7BE-4106-BDA7-B7D147EEA800", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*", matchCriteriaId: 
"21E9E155-FC6F-46E7-8BF7-65DF097409D3", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*", matchCriteriaId: "26A3F10F-938E-44D6-845D-B66EF9812C21", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*", matchCriteriaId: "B1D82EEE-F65E-4657-B0F7-6CE33D219134", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*", matchCriteriaId: "C9E6A845-B67C-4112-8240-9F61D6AF3B0D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*", matchCriteriaId: "4BEDD7E3-E263-4A09-9C11-3E008E01BC28", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*", matchCriteriaId: "80E3FF16-A6CD-456C-B58A-381A75D8616C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*", matchCriteriaId: "87D02AB2-AA26-4416-B689-02C5EEF2099C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*", matchCriteriaId: "A134E1F1-AFCC-498B-8840-5884CF858769", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*", matchCriteriaId: "D5F4E7D0-B6F4-476E-A011-55619E91A3B0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*", matchCriteriaId: "95588755-27E8-4DB7-B865-A784D3638FE8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*", matchCriteriaId: "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*", matchCriteriaId: "0F90E11F-FC03-46D9-A9C4-A578196D59D8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: 
"74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.", }, { lang: "es", value: "Squid 3.x en versiones anteriores a 3.5.16 y 4.x en versiones anteriores a 4.0.8 no realiza adecuadamente la comprobación de límites, lo que permite a atacantes remotos provocar una denegación de servicio a través de una respuesta HTTP manipulada, relacionada con cabeceras Vary.", }, ], id: "CVE-2016-3948", lastModified: "2024-11-21T02:51:00.477", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-07T18:59:01.607", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035458", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "cve@mitre.org", url: "https://usn.ubuntu.com/3557-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035458", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://usn.ubuntu.com/3557-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-07 18:59
Modified
2024-11-21 02:51
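Severity: HIGH (CVSS 3.0 base score 8.2, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H; CVSS 2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)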
Summary
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | 4.0.1 | |
squid-cache | squid | 4.0.2 | |
squid-cache | squid | 4.0.3 | |
squid-cache | squid | 4.0.4 | |
squid-cache | squid | 4.0.5 | |
squid-cache | squid | 4.0.6 | |
squid-cache | squid | 4.0.7 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
canonical | ubuntu_linux | 16.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "ADA9BDAD-E02B-497D-8793-BE99D3C5623F", versionEndIncluding: "3.5.15", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the 
Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.", }, { lang: "es", value: "Desbordamiento de buffer basado en memoria dinámica en la función Icmp6::Recv en icmp/Icmp6.cc en la utilidad pinger en Squid en versiones anteriores a 3.5.16 y 4.x en versiones anteriores a 4.0.8 permite a servidores remotos provocar una denegación de servicio (degradación de rendimiento o fallos de transición) o escribir información sensible en archivos de registro a través de un paquete ICMPv6.", }, ], id: "CVE-2016-3947", lastModified: "2024-11-21T02:51:00.303", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-07T18:59:00.137", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035457", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035457", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: 
"http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", "US Government Resource", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-23 15:15
Modified
2024-11-21 04:58
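Severity: CRITICAL (CVSS 3.1 base score 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; CVSS 2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)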
Summary
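An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). Per the affected-version ranges in the record below, "before 5.0.2" applies to the 5.x branch only: the 4.x branch is listed as affected from 4.0 up to, but not including, 4.11, and the 3.x branch from 3.0 through 3.5.28.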
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
squid-cache | squid | * | |
squid-cache | squid | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
opensuse | leap | 15.1 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 | |
fedoraproject | fedora | 32 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
canonical | ubuntu_linux | 20.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88", versionEndIncluding: "3.5.28", versionStartIncluding: "3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "AEA4C698-1DD0-4229-A80A-2437D56AA38D", versionEndExcluding: "4.11", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "665C9300-5D66-4653-84CB-F3C3500F9BBF", versionEndExcluding: "5.0.2", versionStartIncluding: "5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: 
"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", matchCriteriaId: "902B8056-9E37-443B-8905-8AA93E2447FB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 5.0.2. Un atacante remoto puede reproducir un nonce Digest Autenticación rastreado para conseguir acceso a recursos que de otra manera están restringidos. Esto ocurre porque el atacante puede desbordar el contador de referencia nonce (un entero corto). 
Una ejecución de código remota puede presentarse si las credenciales de token agrupadas son liberadas (en lugar de reproducirse como credenciales validas).", }, ], id: "CVE-2020-11945", lastModified: "2024-11-21T04:58:57.450", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-23T15:15:14.233", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/2", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third 
Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1170313", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/585", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-05", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210304-0004/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4356-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://www.openwall.com/lists/oss-security/2020/04/23/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1170313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/squid-cache/squid/pull/585", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202005-05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210304-0004/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4356-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-02-04 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect input validation, Squid can interpret crafted HTTP requests in unexpected ways, allowing access to server resources prohibited by earlier security filters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
debian | debian_linux | 9.0 | |
debian | debian_linux | 10.0 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 19.10 | |
opensuse | leap | 15.1 | |
fedoraproject | fedora | 30 | |
fedoraproject | fedora | 31 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "CCB84835-9A10-4970-8A4B-6467A2BD4FCB", versionEndExcluding: "4.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", matchCriteriaId: "A31C8344-3E02-4EB8-8BD8-4C84B7959624", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", matchCriteriaId: "B620311B-34A3-48A6-82DF-6F078D7A4493", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.10. 
Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.", }, { lang: "es", value: "Se detectó un problema en Squid versiones anteriores a 4.10. Debido a una comprobación de entrada incorrecta, puede interpretar las peticiones HTTP diseñadas de manera no prevista para acceder a recursos del servidor prohibidos por parte de los filtros de seguridad anteriores.", }, ], id: "CVE-2020-8449", lastModified: "2024-11-21T05:38:52.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-04T20:15:14.697", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: 
"http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4289-1/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", 
tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202003-34", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/4289-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2020/dsa-4682", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2024-11-21 02:52
Severity ?
Summary
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when an absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 | |
canonical | ubuntu_linux | 16.04 | |
squid-cache | squid | * | |
squid-cache | squid | 4.0.1 | |
squid-cache | squid | 4.0.2 | |
squid-cache | squid | 4.0.3 | |
squid-cache | squid | 4.0.4 | |
squid-cache | squid | 4.0.5 | |
squid-cache | squid | 4.0.6 | |
squid-cache | squid | 4.0.7 | |
squid-cache | squid | 4.0.8 | |
squid-cache | squid | 4.0.9 | |
oracle | linux | 7 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", matchCriteriaId: "E88A537F-F4D0-46B9-9E37-965233C2A355", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "C563F5CC-F4FB-4440-981E-EA2C003A639C", versionEndIncluding: "3.5.17", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*", matchCriteriaId: "060FCBEA-DEAA-42FB-88C9-4B78136B172F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*", matchCriteriaId: "74987102-8CA8-4120-B686-F18579A96A46", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*", matchCriteriaId: "DA7828AA-48B6-44CD-8507-345A4F0A25BC", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*", matchCriteriaId: "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*", matchCriteriaId: "A037F780-6FC9-4130-908F-B5434FA0C7DE", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*", matchCriteriaId: "1DDEB455-F082-44E4-8CEA-019C0084BF05", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*", matchCriteriaId: "49555803-288E-4B0A-B12A-890E5E0AD05F", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*", 
matchCriteriaId: "EBEE374C-365E-49DE-A9F9-6083044C774D", vulnerable: true, }, { criteria: "cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*", matchCriteriaId: "1B6B2A8E-DD81-43CD-9F5B-E8F87498E513", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*", matchCriteriaId: "104DA87B-DEE4-4262-AE50-8E6BC43B228B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.", }, { lang: "es", value: "client_side.cc en Squid en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 no ignora correctamente la cabecera Host cuando se proporciona una URI absoluta, lo que permite a atacantes remotos llevar a cabo ataques de envenenamiento de caché a través de una petición HTTP.", }, ], id: "CVE-2016-4553", lastModified: "2024-11-21T02:52:27.950", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: 
"3.0", }, exploitabilityScore: 3.9, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-10T19:59:00.137", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4501", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1035768", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt", }, { source: "cve@mitre.org", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "cve@mitre.org", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201607-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4501", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { source: 
"af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2016/dsa-3625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.securitytracker.com/id/1035768", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201607-01", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-345", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-11-21 08:29
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
redhat | enterprise_linux_eus | 8.6 | |
redhat | enterprise_linux_eus | 8.8 | |
redhat | enterprise_linux_eus | 9.0 | |
redhat | enterprise_linux_eus | 9.2 | |
redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 8.2 | |
redhat | enterprise_linux_server_aus | 8.4 | |
redhat | enterprise_linux_server_aus | 8.6 | |
redhat | enterprise_linux_server_aus | 9.2 | |
redhat | enterprise_linux_server_tus | 8.2 | |
redhat | enterprise_linux_server_tus | 8.4 | |
redhat | enterprise_linux_server_tus | 8.6 | |
redhat | enterprise_linux_server_tus | 8.8 | |
redhat | enterprise_linux_server_tus | 9.2 | |
redhat | enterprise_linux_workstation | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "A7AD85A7-770C-4526-8AD4-D06C802692D4", versionEndExcluding: "6.4", versionStartIncluding: "3.2.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "62C31522-0A17-4025-B269-855C7F4B45C2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", matchCriteriaId: "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "3C74F6FA-FA6C-4648-9079-91446E45EE47", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", matchCriteriaId: "5A47EF78-A5B6-4B89-8B74-EEB0647C549F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", matchCriteriaId: "32AF225E-94C0-4D07-900C-DD868C05F554", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", matchCriteriaId: "23D471AC-7DCA-4425-AD91-E5D928753A8C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", matchCriteriaId: "51EF4996-72F4-4FA4-814F-F5991E7A8318", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33", 
vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "F32CA554-F9D7-425B-8F1C-89678507F28C", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", matchCriteriaId: "F1CA946D-1665-4874-9D41-C7D963DD1F56", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*", matchCriteriaId: "647A34CD-AB8C-44DD-8FD7-03315633FF1B", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", matchCriteriaId: "825ECE2D-E232-46E0-A047-074B34DB1E97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.", }, { lang: "es", value: "Squid es vulnerable a una Denegación de Servicio, donde un atacante remoto puede realizar un ataque de desbordamiento de búfer escribiendo hasta 2 MB de datos arbitrarios en la memoria acumulada cuando Squid está configurado 
para aceptar la autenticación implícita HTTP.", }, ], id: "CVE-2023-46847", lastModified: "2024-11-21T08:29:25.000", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.7, source: "secalert@redhat.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-03T08:15:08.023", references: [ { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { source: "secalert@redhat.com", tags: [ 
"Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6805", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6882", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6884", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7576", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7578", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46847", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", 
}, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6805", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:6884", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/errata/RHSA-2023:7578", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://access.redhat.com/security/cve/CVE-2023-46847", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: 
"https://security.netapp.com/advisory/ntap-20231130-0002/", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "secalert@redhat.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-06 19:15
Modified
2025-02-26 17:49
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against its HTTP chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause a Denial of Service by sending a crafted HTTP message that uses chunked encoding. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
squid-cache | squid | * | |
fedoraproject | fedora | 38 | |
fedoraproject | fedora | 39 | |
netapp | bluexp | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", matchCriteriaId: "E44262DC-034E-4721-A653-BA7178370A68", versionEndExcluding: "6.8", versionStartIncluding: "3.5.27", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", matchCriteriaId: "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.", }, { lang: "es", value: "Squid es un caché de proxy web. A partir de la versión 3.5.27 y antes de la versión 6.8, Squid puede ser vulnerable a un ataque de denegación de servicio contra el decodificador HTTP fragmentado debido a un error de recursividad no controlado. Este problema permite a un atacante remoto provocar una denegación de servicio al enviar un mensaje HTTP codificado, fragmentado y manipulado. Este error se solucionó en la versión 6.8 de Squid. 
Además, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid. No hay workaround para este problema.", }, ], id: "CVE-2024-25111", lastModified: "2025-02-26T17:49:12.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-03-06T19:15:07.510", references: [ { source: "security-advisories@github.com", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch", }, { source: "security-advisories@github.com", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", }, { source: "security-advisories@github.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", }, { source: "security-advisories@github.com", tags: [ "Third Party 
Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240605-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20240605-0001/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }
cve-2023-5824
Vulnerability from cvelistv5
Published
2023-11-03 07:56
Modified
2024-11-23 03:19
Severity ?
EPSS score ?
Summary
A flaw was found in Squid. Squid enforces its limits on HTTP response header size before a response is cached. However, Squid may grow a cached HTTP response header beyond the configured maximum size; when such a large header is retrieved from the disk cache, the worker process can stall or crash, resulting in a denial of service. The record's workaround is to disable disk caching by removing all 'cache_dir' directives from the Squid configuration, typically in the /etc/squid/squid.conf file.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:7465 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:7668 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0072 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0397 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0771 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0772 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:0773 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:1153 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-5824 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2245914 | issue-tracking, x_refsource_REDHAT | |
https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255 |
Impacted products
Vendor | Product | Version |
---|---|---|
Red Hat | Red Hat Enterprise Linux 8 | Unaffected: 8090020231130092412.a75119d5 < * cpe:/a:redhat:enterprise_linux:8::appstream |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:14:24.068Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:7465", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7465", }, { name: "RHSA-2023:7668", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7668", }, { name: "RHSA-2024:0072", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0072", }, { name: "RHSA-2024:0397", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0397", }, { name: "RHSA-2024:0771", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0771", }, { name: "RHSA-2024:0772", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0772", }, { name: "RHSA-2024:0773", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:0773", }, { name: "RHSA-2024:1153", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1153", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-5824", }, { name: "RHBZ#2245914", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245914", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231130-0003/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: 
"https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231130092412.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020240122164331.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020240122164331.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020240122164331.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], 
defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240122165847.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240122165847.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020240122165847.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231222131040.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.8 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231222130009.63b34585", versionType: 
"rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-6.el9_3.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.2-1.el9_0.4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.2::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9.2 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-5.el9_2.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, ], datePublic: "2023-10-19T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. 
However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-755", description: "Improper Handling of Exceptional Conditions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T03:19:19.791Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:7465", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7465", }, { name: "RHSA-2023:7668", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7668", }, { name: "RHSA-2024:0072", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0072", }, { name: "RHSA-2024:0397", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0397", }, { name: "RHSA-2024:0771", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0771", }, { name: "RHSA-2024:0772", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:0772", }, { name: "RHSA-2024:0773", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2024:0773", }, { name: "RHSA-2024:1153", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1153", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-5824", }, { name: "RHBZ#2245914", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245914", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255", }, ], timeline: [ { lang: "en", time: "2023-10-24T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-19T00:00:00+00:00", value: "Made public.", }, ], title: "Squid: dos against http and https", workarounds: [ { lang: "en", value: "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the 'cache_dir' directives from the Squid configuration, typically in the /etc/squid/squid.conf file.", }, ], x_redhatCweChain: "CWE-755: Improper Handling of Exceptional Conditions", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-5824", datePublished: "2023-11-03T07:56:36.369Z", dateReserved: "2023-10-27T09:37:47.593Z", dateUpdated: "2024-11-23T03:19:19.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-2951
Vulnerability from cvelistv5
Published
2010-10-12 20:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2010/08/25/6 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2010/08/24/7 | mailing-list, x_refsource_MLIST | |
http://bugs.squid-cache.org/show_bug.cgi?id=3009 | x_refsource_CONFIRM | |
http://marc.info/?l=squid-users&m=128263555724981&w=2 | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=626927 | x_refsource_CONFIRM | |
http://bugs.squid-cache.org/show_bug.cgi?id=3021 | x_refsource_CONFIRM | |
http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 | x_refsource_CONFIRM | |
http://bugs.gentoo.org/show_bug.cgi?id=334263 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2010/08/24/6 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2010/08/25/2 | mailing-list, x_refsource_MLIST | |
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:55:45.461Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/08/25/6", }, { name: "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/08/24/7", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=3009", }, { name: "[squid-users] 20100824 Squid 3.1.7 is available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://marc.info/?l=squid-users&m=128263555724981&w=2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=626927", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=3021", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.gentoo.org/show_bug.cgi?id=334263", }, { name: "[oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/08/24/6", }, { name: "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"http://www.openwall.com/lists/oss-security/2010/08/25/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-10-12T20:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/08/25/6", }, { name: "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/08/24/7", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=3009", }, { name: "[squid-users] 20100824 Squid 3.1.7 is available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://marc.info/?l=squid-users&m=128263555724981&w=2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=626927", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=3021", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.gentoo.org/show_bug.cgi?id=334263", }, { name: "[oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/08/24/6", }, { name: "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/08/25/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-2951", datePublished: "2010-10-12T20:00:00Z", dateReserved: "2010-08-04T00:00:00Z", dateUpdated: "2024-08-07T02:55:45.461Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000024
Vulnerability from cvelistv5
Published
2018-02-09 23:00
Modified
2024-08-05 12:33
Severity ?
EPSS score ?
Summary
The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to 3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable when a remote server delivers an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4122 | vendor-advisory, x_refsource_DEBIAN | |
http://www.squid-cache.org/Versions/ | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html | mailing-list, x_refsource_MLIST | |
http://www.squid-cache.org/Advisories/SQUID-2018_1.txt | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4059-2/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:33:48.901Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "DSA-4122", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4122", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt", }, { name: "USN-4059-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4059-2/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-01-15T00:00:00", datePublic: "2018-01-19T00:00:00", descriptions: [ { lang: "en", value: "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. 
This vulnerability appears to have been fixed in 4.0.23 and later.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-17T15:06:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "DSA-4122", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4122", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt", }, { name: "USN-4059-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4059-2/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "1/15/2018 4:39:34", ID: "CVE-2018-1000024", REQUESTER: "squid3@treenet.co.nz", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. 
This vulnerability appears to have been fixed in 4.0.23 and later.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3557-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3557-1/", }, { name: "DSA-4122", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4122", }, { name: "http://www.squid-cache.org/Versions/", refsource: "MISC", url: "http://www.squid-cache.org/Versions/", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt", }, { name: "USN-4059-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4059-2/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000024", datePublished: "2018-02-09T23:00:00", dateReserved: "2018-01-29T00:00:00", dateUpdated: "2024-08-05T12:33:48.901Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12526
Vulnerability from cvelistv5
Published
2019-11-26 16:41
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker-controlled data overflowing in the heap.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1156326 | x_refsource_CONFIRM | |
http://www.squid-cache.org/Advisories/SQUID-2019_7.txt | x_refsource_CONFIRM | |
https://usn.ubuntu.com/4213-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html | mailing-list, x_refsource_MLIST | |
https://security.gentoo.org/glsa/202003-34 | vendor-advisory, x_refsource_GENTOO | |
https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.860Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156326", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered 
in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156326", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", 
}, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12526", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.suse.com/show_bug.cgi?id=1156326", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1156326", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt", }, { name: "USN-4213-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", refsource: "DEBIAN", url: 
"https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12526", datePublished: "2019-11-26T16:41:57", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.860Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-9749
Vulnerability from cvelistv5
Published
2015-11-06 21:00
Modified
2024-08-06 13:55
Severity ?
EPSS score ?
Summary
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
References
▼ | URL | Tags |
---|---|---|
http://www.openwall.com/lists/oss-security/2015/10/01/1 | mailing-list, x_refsource_MLIST | |
http://bugs.squid-cache.org/show_bug.cgi?id=4066 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2015/10/11/4 | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html | vendor-advisory, x_refsource_SUSE | |
http://www.openwall.com/lists/oss-security/2015/10/12/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T13:55:04.368Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/10/01/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4066", }, { name: "[oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/10/11/4", }, { name: "openSUSE-SU-2015:1835", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html", }, { name: "[oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/10/12/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-10-01T00:00:00", descriptions: [ { lang: "en", value: "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-11-06T20:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication", tags: [ "mailing-list", 
"x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/10/01/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4066", }, { name: "[oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/10/11/4", }, { name: "openSUSE-SU-2015:1835", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html", }, { name: "[oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/10/12/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-9749", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/01/1", }, { name: "http://bugs.squid-cache.org/show_bug.cgi?id=4066", refsource: "CONFIRM", url: "http://bugs.squid-cache.org/show_bug.cgi?id=4066", }, { name: "[oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest 
authentication", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/11/4", }, { name: "openSUSE-SU-2015:1835", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html", }, { name: "[oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/10/12/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-9749", datePublished: "2015-11-06T21:00:00", dateReserved: "2015-10-04T00:00:00", dateUpdated: "2024-08-06T13:55:04.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12520
Vulnerability from cvelistv5
Published
2020-04-15 19:14
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making an MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.
References
▼ | URL | Tags |
---|---|---|
http://www.squid-cache.org/Versions/v4/ | x_refsource_MISC | |
http://www.squid-cache.org/Versions/v4/changesets/ | x_refsource_MISC | |
https://github.com/squid-cache/squid/commits/v4 | x_refsource_MISC | |
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt | x_refsource_MISC | |
https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4446-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.487Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4446-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. 
An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-05T11:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4446-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12520", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An 
issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v4/", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { name: "https://github.com/squid-cache/squid/commits/v4", refsource: "MISC", url: "https://github.com/squid-cache/squid/commits/v4", }, { name: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt", refsource: "MISC", url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", refsource: "UBUNTU", url: 
"https://usn.ubuntu.com/4446-1/", }, { name: "https://security.netapp.com/advisory/ntap-20210205-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12520", datePublished: "2020-04-15T19:14:25", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.487Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4054
Vulnerability from cvelistv5
Published
2016-04-25 14:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:17:30.010Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: 
Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/86788", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-20T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", tags: [ "vendor-advisory", 
"x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/86788", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4054", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.", }, ], }, problemtype: { problemtype_data: [ { 
description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "RHSA-2016:1139", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", refsource: "BID", url: "http://www.securityfocus.com/bid/86788", }, ], 
}, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4054", datePublished: "2016-04-25T14:00:00", dateReserved: "2016-04-20T00:00:00", dateUpdated: "2024-08-06T00:17:30.010Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-2622
Vulnerability from cvelistv5
Published
2009-07-28 17:00
Modified
2024-08-07 05:59
Summary
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
References
▼ | URL | Tags |
---|---|---|
http://www.securitytracker.com/id?1022607 | vdb-entry, x_refsource_SECTRACK | |
http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/35812 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2009/2013 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/36007 | third-party-advisory, x_refsource_SECUNIA | |
http://www.squid-cache.org/Advisories/SQUID-2009_2.txt | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 | vendor-advisory, x_refsource_MANDRIVA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:59:56.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1022607", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1022607", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch", }, { name: "35812", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/35812", }, { name: "ADV-2009-2013", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/2013", }, { name: "36007", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36007", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { name: "MDVSA-2009:161", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { name: "MDVSA-2009:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-07-27T00:00:00", descriptions: [ { lang: "en", value: "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], 
providerMetadata: { dateUpdated: "2009-08-07T09:00:00", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { name: "1022607", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1022607", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch", }, { name: "35812", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/35812", }, { name: "ADV-2009-2013", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/2013", }, { name: "36007", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36007", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { name: "MDVSA-2009:161", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { name: "MDVSA-2009:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2009-2622", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", 
value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1022607", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022607", }, { name: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch", }, { name: "35812", refsource: "BID", url: "http://www.securityfocus.com/bid/35812", }, { name: "ADV-2009-2013", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/2013", }, { name: "36007", refsource: "SECUNIA", url: "http://secunia.com/advisories/36007", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { name: "MDVSA-2009:161", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { name: "MDVSA-2009:178", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2009-2622", datePublished: "2009-07-28T17:00:00", dateReserved: "2009-07-28T00:00:00", dateUpdated: "2024-08-07T05:59:56.150Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41318
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 12:42
Summary
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:44.884Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/09/23/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. 
This is fixed in 5.7.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-25T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78", }, { url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch", }, { url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch", }, { url: "https://www.openwall.com/lists/oss-security/2022/09/23/2", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-41318", datePublished: "2022-12-25T00:00:00", dateReserved: "2022-09-23T00:00:00", dateUpdated: "2024-08-03T12:42:44.884Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46846
Vulnerability from cvelistv5
Published
2023-11-03 07:33
Modified
2025-01-27 07:40
Summary
Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform request/response smuggling past firewall and frontend security systems.
References
Impacted products
Vendor | Product | Version |
---|---|---|
— | squid | Version: 2.6 ≤ , < 6.4 |

Per-product Red Hat package entries are listed in the `affected` array of the record below.
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:53:21.849Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6267", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { name: "RHSA-2023:6801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { name: "RHSA-2023:6803", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { name: "RHSA-2023:6804", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { name: "RHSA-2023:6810", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { name: "RHSA-2023:7213", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-46846", }, { name: "RHBZ#2245910", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245910", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", }, { tags: [ "x_transferred", ], url: 
"https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231130-0002/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46846", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2023-12-19T21:18:15.819621Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T14:31:21.611Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://github.com/squid-cache/squid", defaultStatus: "unaffected", packageName: "squid", versions: [ { lessThan: "6.4", status: "affected", version: "2.6", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:7", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.5.20-17.el7_9.13", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231030214932.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", 
status: "unaffected", version: "8090020231030224841.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.1::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8010020231101141358.c27ad7f8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: 
"https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231031165747.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", 
packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-5.el9_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-6.el9_3.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.2-1.el9_0.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "affected", packageName: "squid34", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, ], datePublic: "2023-10-19T00:00:00.000Z", descriptions: [ { lang: "en", value: "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityImpact: 
"HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-27T07:40:08.286Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6267", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { name: "RHSA-2023:6801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { name: "RHSA-2023:6803", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { name: "RHSA-2023:6804", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { name: "RHSA-2023:6810", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { name: "RHSA-2023:7213", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { name: "RHSA-2024:11049", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:11049", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/security/cve/CVE-2023-46846", }, { name: "RHBZ#2245910", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245910", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh", }, ], timeline: [ { lang: "en", time: "2023-10-24T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-19T00:00:00+00:00", value: "Made public.", }, ], title: "Squid: request/response smuggling in http/1.1 and icap", x_redhatCweChain: "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-46846", datePublished: "2023-11-03T07:33:16.184Z", dateReserved: "2023-10-27T08:36:38.158Z", dateUpdated: "2025-01-27T07:40:08.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12854
Vulnerability from cvelistv5
Published
2019-08-15 16:15
Modified
2024-08-04 23:32
Summary
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
References
▼ | URL | Tags |
---|---|---|
http://www.squid-cache.org/Advisories/SQUID-2019_1.txt | x_refsource_MISC | |
https://bugs.squid-cache.org/show_bug.cgi?id=4937 | x_refsource_MISC | |
http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/ | x_refsource_CONFIRM | |
https://www.debian.org/security/2019/dsa-4507 | vendor-advisory, x_refsource_DEBIAN | |
https://seclists.org/bugtraq/2019/Aug/42 | mailing-list, x_refsource_BUGTRAQ | |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html | vendor-advisory, x_refsource_SUSE | |
https://usn.ubuntu.com/4213-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:32:55.368Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=4937", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4213-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. 
On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-04T19:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=4937", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4213-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12854", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", 
data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt", refsource: "MISC", url: "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt", }, { name: "https://bugs.squid-cache.org/show_bug.cgi?id=4937", refsource: "MISC", url: "https://bugs.squid-cache.org/show_bug.cgi?id=4937", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", refsource: "CONFIRM", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "USN-4213-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4213-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12854", datePublished: "2019-08-15T16:15:23", dateReserved: "2019-06-16T00:00:00", dateUpdated: "2024-08-04T23:32:55.368Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18677
Vulnerability from cvelistv5
Published
2019-11-26 16:21
Modified
2024-08-05 01:54
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:54:14.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/427", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156328", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", 
"x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/427", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156328", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18677", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). 
Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/pull/427", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/427", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1156328", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1156328", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch", }, { name: "USN-4213-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 
20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18677", datePublished: "2019-11-26T16:21:59", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-05T01:54:14.540Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-2855
Vulnerability from cvelistv5
Published
2009-08-18 20:41
Modified
2024-08-07 06:07
Summary
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T06:07:36.421Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20090803 Re: squid DoS in external auth header parser", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/08/03/3", }, { name: "36091", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/36091", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982", }, { name: "[oss-security] 20090804 Re: squid DoS in external auth header parser", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/08/04/6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541", }, { name: "1022757", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1022757", }, { name: "oval:org.mitre.oval:def:10592", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=518182", }, { name: "[oss-security] 20090720 squid DoS in external auth header parser", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/07/20/10", }, { name: "squid-strlistgetitem-dos(52610)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-07-06T00:00:00", descriptions: [ { lang: "en", value: "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-18T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20090803 Re: squid DoS in external auth header parser", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/08/03/3", }, { name: "36091", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/36091", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982", }, { name: "[oss-security] 20090804 Re: squid DoS in external auth header parser", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/08/04/6", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541", }, { name: "1022757", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1022757", }, { name: "oval:org.mitre.oval:def:10592", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"https://bugzilla.redhat.com/show_bug.cgi?id=518182", }, { name: "[oss-security] 20090720 squid DoS in external auth header parser", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/07/20/10", }, { name: "squid-strlistgetitem-dos(52610)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610", }, { tags: [ "x_refsource_MISC", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-2855", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20090803 Re: squid DoS in external auth header parser", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/08/03/3", }, { name: "36091", refsource: "BID", url: "http://www.securityfocus.com/bid/36091", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982", }, { name: "[oss-security] 20090804 Re: squid DoS in external auth header parser", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/08/04/6", }, { name: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704", refsource: "MISC", url: 
"http://www.squid-cache.org/bugs/show_bug.cgi?id=2704", }, { name: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541", refsource: "CONFIRM", url: "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541", }, { name: "1022757", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022757", }, { name: "oval:org.mitre.oval:def:10592", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=518182", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=518182", }, { name: "[oss-security] 20090720 squid DoS in external auth header parser", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/07/20/10", }, { name: "squid-strlistgetitem-dos(52610)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982", refsource: "MISC", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-2855", datePublished: "2009-08-18T20:41:00", dateReserved: "2009-08-18T00:00:00", dateUpdated: "2024-08-07T06:07:36.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4052
Vulnerability from cvelistv5
Published
2016-04-25 14:00
Modified
2024-08-06 00:17
Summary
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:17:29.854Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/86788", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-20T00:00:00", descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/86788", }, ], 
x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4052", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", refsource: "BID", url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", refsource: "BID", url: "http://www.securityfocus.com/bid/86788", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4052", datePublished: "2016-04-25T14:00:00", dateReserved: "2016-04-20T00:00:00", dateUpdated: "2024-08-06T00:17:29.854Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12527
Vulnerability from cvelistv5
Published
2019-07-11 18:10
Modified
2024-08-04 23:24
Summary
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.676Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { name: "109143", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/109143", }, { name: "USN-4065-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4065-1/", }, { name: "FEDORA-2019-cb50bcc189", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "RHSA-2019:2593", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:2593", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: 
"n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-06-19T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-11-21T18:07:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { name: "109143", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/109143", }, { name: "USN-4065-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4065-1/", }, { name: "FEDORA-2019-cb50bcc189", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "RHSA-2019:2593", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:2593", }, { name: "openSUSE-SU-2019:2540", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12527", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v4/changesets/", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { name: "https://github.com/squid-cache/squid/commits/v4", refsource: "CONFIRM", url: "https://github.com/squid-cache/squid/commits/v4", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { name: "109143", refsource: "BID", url: "http://www.securityfocus.com/bid/109143", }, { name: "USN-4065-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4065-1/", }, { name: "FEDORA-2019-cb50bcc189", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "RHSA-2019:2593", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:2593", }, { name: "openSUSE-SU-2019:2540", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12527", datePublished: "2019-07-11T18:10:16", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.676Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12519
Vulnerability from cvelistv5
Published
2020-04-15 19:20
Modified
2024-08-04 23:24
Summary
An issue was discovered in Squid through 4.7. When ESI is enabled and Squid handles the esi:when tag, it calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it is being evaluated. While processing the expression, it either evaluates the top of the stack or adds a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
References
| URL | Tags |
|---|---|
| https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2020/04/23/1 | mailing-list, x_refsource_MLIST |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | vendor-advisory, x_refsource_SUSE |
| https://security.gentoo.org/glsa/202005-05 | vendor-advisory, x_refsource_GENTOO |
| https://usn.ubuntu.com/4356-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST |
| https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:37.851Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt", }, { name: "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202005-05", }, { name: "USN-4356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. 
When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-05T11:06:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt", }, { name: "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202005-05", }, { name: "USN-4356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12519", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", 
data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt", refsource: "MISC", url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt", }, { name: "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202005-05", }, { name: "USN-4356-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "https://security.netapp.com/advisory/ntap-20210205-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12519", datePublished: "2020-04-15T19:20:41", dateReserved: 
"2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:37.851Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10003
Vulnerability from cvelistv5
Published
2017-01-27 17:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in the Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
References
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/18/1 | mailing-list, x_refsource_MLIST |
| http://www.securitytracker.com/id/1037512 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/94953 | vdb-entry, x_refsource_BID |
| http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:07:31.873Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { name: "1037512", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037512", }, { name: "94953", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94953", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-17T00:00:00", descriptions: [ { lang: "en", value: "Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-27T16:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { name: "1037512", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037512", }, { name: "94953", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94953", }, { tags: [ "x_refsource_CONFIRM", 
], url: "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10003", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { name: "1037512", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037512", }, { name: "94953", refsource: "BID", url: "http://www.securityfocus.com/bid/94953", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10003", datePublished: "2017-01-27T17:00:00", dateReserved: "2016-12-17T00:00:00", dateUpdated: "2024-08-06T03:07:31.873Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12523
Vulnerability from cvelistv5
Published
2019-11-26 16:39
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.
References
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html | x_refsource_CONFIRM |
| http://www.squid-cache.org/Advisories/SQUID-2019_8.txt | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1156329 | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4213-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/ | vendor-advisory, x_refsource_FEDORA |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4446-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:39.198Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4446-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. 
This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-05T19:06:08", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4446-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12523", STATE: "PUBLIC", }, affects: { vendor: { 
vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", refsource: "CONFIRM", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { name: "USN-4213-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4446-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12523", datePublished: "2019-11-26T16:39:59", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:39.198Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3947
Vulnerability from cvelistv5
Published
2016-04-07 18:00
Modified
2024-08-06 00:10
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:10:31.953Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch", }, { name: "1035457", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035457", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch", }, ], title: "CVE Program Container", }, ], cna: { 
affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-02T00:00:00", descriptions: [ { lang: "en", value: "Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch", }, { name: "1035457", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035457", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-3947", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt", }, { name: "USN-2995-1", refsource: 
"UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch", }, { name: "1035457", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035457", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch", }, { name: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-3947", datePublished: "2016-04-07T18:00:00", dateReserved: "2016-04-01T00:00:00", dateUpdated: "2024-08-06T00:10:31.953Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8450
Vulnerability from cvelistv5
Published
2020-02-04 19:51
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.485Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { name: "USN-4289-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: "openSUSE-SU-2020:0606", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.10. 
Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-04T12:06:29", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { name: "USN-4289-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: "openSUSE-SU-2020:0606", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-8450", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.10. 
Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", refsource: "MISC", url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { name: "USN-4289-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: "openSUSE-SU-2020:0606", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "https://security.netapp.com/advisory/ntap-20210304-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-8450", datePublished: "2020-02-04T19:51:21", dateReserved: "2020-01-30T00:00:00", dateUpdated: "2024-08-04T09:56:28.485Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4123
Vulnerability from cvelistv5
Published
2013-09-16 19:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in an HTTP Host header.
References
URL | Tags | |
---|---|---|
http://secunia.com/advisories/54142 | third-party-advisory, x_refsource_SECUNIA | |
http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch | x_refsource_CONFIRM | |
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch | x_refsource_CONFIRM | |
http://secunia.com/advisories/54834 | third-party-advisory, x_refsource_SECUNIA | |
http://www.squid-cache.org/Advisories/SQUID-2013_3.txt | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:30:50.014Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "54142", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54142", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch", }, { name: "54834", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54834", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt", }, { name: "openSUSE-SU-2013:1435", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-09-16T19:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "54142", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54142", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch", 
}, { name: "54834", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54834", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt", }, { name: "openSUSE-SU-2013:1435", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4123", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "54142", refsource: "SECUNIA", url: "http://secunia.com/advisories/54142", }, { name: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch", }, { name: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch", }, { name: "54834", refsource: "SECUNIA", url: "http://secunia.com/advisories/54834", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt", }, { name: "openSUSE-SU-2013:1435", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, ], }, }, }, }, cveMetadata: { 
assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4123", datePublished: "2013-09-16T19:00:00Z", dateReserved: "2013-06-12T00:00:00Z", dateUpdated: "2024-09-17T03:48:39.055Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19132
Vulnerability from cvelistv5
Published
2018-11-09 11:00
Modified
2024-08-05 11:30
Severity ?
EPSS score ?
Summary
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
References
URL | Tags | |
---|---|---|
https://github.com/squid-cache/squid/pull/313 | x_refsource_MISC | |
http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch | x_refsource_MISC | |
http://www.squid-cache.org/Advisories/SQUID-2018_5.txt | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4059-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:03.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/313", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1596-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html", }, { name: "USN-4059-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4059-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-09T00:00:00", descriptions: [ { lang: "en", value: "Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/313", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch", }, { tags: [ "x_refsource_MISC", ], 
url: "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1596-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html", }, { name: "USN-4059-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4059-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19132", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/pull/313", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/313", }, { name: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt", refsource: "MISC", url: "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt", }, { name: "[debian-lts-announce] 20181126 [SECURITY] [DLA 1596-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html", }, { name: 
"USN-4059-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4059-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19132", datePublished: "2018-11-09T11:00:00", dateReserved: "2018-11-09T00:00:00", dateUpdated: "2024-08-05T11:30:03.999Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18678
Vulnerability from cvelistv5
Published
2019-11-26 16:15
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:02:38.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/445", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156323", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/445", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156323", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18678", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. 
The issue is related to a request header containing whitespace between a header name and a colon.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/pull/445", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/445", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1156323", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1156323", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt", }, { name: "USN-4213-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: 
{ assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18678", datePublished: "2019-11-26T16:15:42", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-05T02:02:38.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46847
Vulnerability from cvelistv5
Published
2023-11-03 07:58
Modified
2025-02-28 01:09
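Severity: 8.6 HIGH (CVSS 3.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H); Red Hat severity rating: Critical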
EPSS score ?
Summary
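Squid is vulnerable to a denial of service: when Squid is configured to accept HTTP Digest Authentication, a remote attacker can trigger a buffer overflow that writes up to 2 MB of arbitrary data to heap memory. The record below classifies the flaw as CWE-120 and marks upstream squid versions from 3.2.0.1 up to, but not including, 6.4 as affected.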
References
Impacted products
Vendor | Product | Version |
---|---|---|
(not stated) | squid (https://github.com/squid-cache/squid) | affected from 3.2.0.1 up to, but not including, 6.4 |

The record below also lists Red Hat packages (squid, squid34, squid:4) per product, each with the build marked unaffected.
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:53:21.999Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6267", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { name: "RHSA-2023:6801", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { name: "RHSA-2023:6803", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { name: "RHSA-2023:6804", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { name: "RHSA-2023:6805", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6805", }, { name: "RHSA-2023:6810", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { name: "RHSA-2023:6882", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6882", }, { name: "RHSA-2023:6884", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6884", }, { name: "RHSA-2023:7213", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2023:7213", }, { name: "RHSA-2023:7576", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7576", }, { name: "RHSA-2023:7578", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:7578", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-46847", }, { name: "RHBZ#2245916", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231130-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/squid-cache/squid", defaultStatus: "unaffected", packageName: "squid", versions: [ { lessThan: "6.4", status: "affected", version: "3.2.0.1", versionType: "custom", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:6", ], defaultStatus: "affected", packageName: "squid34", product: "Red Hat Enterprise Linux 6 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.4.14-15.el6_10.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_els:6", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 6 Extended Lifecycle Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.1.23-24.el6_10.1", versionType: "rpm", }, ], }, { collectionURL: 
"https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.5.20-17.el7_9.9", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:7.6::server", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.5.20-12.el7_6.2", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:rhel_aus:7.7::server", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 7.7 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:3.5.20-13.el7_7.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8080020231030214932.63b34585", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:8::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8090020231030224841.a75119d5", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: 
[ "cpe:/a:redhat:rhel_e4s:8.1::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8010020231101141358.c27ad7f8", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Advanced Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8020020231101135052.4cda2c84", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: 
"squid:4", product: "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8040020231101101624.522a0ee4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:8.6::appstream", ], defaultStatus: "affected", packageName: "squid:4", product: "Red Hat Enterprise Linux 8.6 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "8060020231031165747.ad008a3a", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-5.el9_2.1", versionType: "rpm", }, ], }, { collectionURL: 
"https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-6.el9_3.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.2-1.el9_0.3", versionType: "rpm", }, ], }, ], datePublic: "2023-10-19T00:00:00.000Z", descriptions: [ { lang: "en", value: "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Critical", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-28T01:09:44.601Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: 
"https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6267", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6267", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { name: "RHSA-2023:6801", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6801", }, { name: "RHSA-2023:6803", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6803", }, { name: "RHSA-2023:6804", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6804", }, { name: "RHSA-2023:6805", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6805", }, { name: "RHSA-2023:6810", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6810", }, { name: "RHSA-2023:6882", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6882", }, { name: "RHSA-2023:6884", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6884", }, { name: "RHSA-2023:7213", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7213", }, { name: "RHSA-2023:7576", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7576", }, { name: "RHSA-2023:7578", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:7578", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-46847", }, { name: "RHBZ#2245916", tags: [ "issue-tracking", 
"x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245916", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g", }, ], timeline: [ { lang: "en", time: "2023-10-24T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-19T00:00:00+00:00", value: "Made public.", }, ], title: "Squid: denial of service in http digest authentication", x_redhatCweChain: "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-46847", datePublished: "2023-11-03T07:58:05.641Z", dateReserved: "2023-10-27T08:36:38.158Z", dateUpdated: "2025-02-28T01:09:44.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2570
Vulnerability from cvelistv5
Published
2016-02-27 02:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
References
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO | |
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch | x_refsource_CONFIRM | |
http://rhn.redhat.com/errata/RHSA-2016-2600.html | vendor-advisory, x_refsource_REDHAT | |
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2016/02/26/2 | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://www.securitytracker.com/id/1035101 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:32:20.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035101", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", 
vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-26T00:00:00", descriptions: [ { lang: "en", value: "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-15T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: 
"SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035101", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2570", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3557-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch", }, { name: "RHSA-2016:2600", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035101", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2570", datePublished: "2016-02-27T02:00:00", dateReserved: "2016-02-26T00:00:00", dateUpdated: "2024-08-05T23:32:20.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-49286
Vulnerability from cvelistv5
Published
2023-12-04 22:53
Modified
2025-02-13 17:18
Severity: 8.6 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H, as scored in the CNA record below)
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug, Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. The record below lists CWE-253 (Incorrect Check of Function Return Value) and CWE-617 (Reachable Assertion) as the problem types.
References
Impacted products
Vendor | Product | Version |
---|---|---|
squid-cache | squid | < 6.5 (affected) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:53:45.223Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", }, { name: "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240119-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: "< 6.5", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-617", description: "CWE-617: Reachable Assertion", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-253", description: "CWE-253: Incorrect Check of Function Return Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-19T16:06:22.401Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", }, { name: "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { url: "https://security.netapp.com/advisory/ntap-20240119-0004/", }, ], source: { advisory: "GHSA-xggx-9329-3c27", discovery: "UNKNOWN", }, title: "Denial of Service in Helper Process 
management", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-49286", datePublished: "2023-12-04T22:53:44.827Z", dateReserved: "2023-11-24T16:45:24.312Z", dateUpdated: "2025-02-13T17:18:38.522Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46728
Vulnerability from cvelistv5
Published
2023-11-06 17:13
Modified
2025-02-13 17:14
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, as scored in the CNA record below)
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses that trigger this bug can be received from any gopher server, even one without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests, for example with a `proto`-type ACL in squid.conf that matches gopher and an `http_access deny` rule for it placed ahead of any allow rules.
References
Impacted products
Vendor | Product | Version |
---|---|---|
squid-cache | squid | < 6.0.1 (affected) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:53:21.619Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", }, { name: "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231214-0006/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46728", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-27T16:14:28.614073Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-27T16:14:38.802Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: "< 6.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. 
Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476: NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-29T03:06:28.348Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f", }, { name: "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3", }, { url: "https://security.netapp.com/advisory/ntap-20231214-0006/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, ], source: { advisory: "GHSA-cg5h-v6vc-w33f", discovery: "UNKNOWN", }, title: "SQUID-2021:8 Denial of Service in Gopher gateway", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-46728", datePublished: 
"2023-11-06T17:13:45.821Z", dateReserved: "2023-10-25T14:30:33.751Z", dateUpdated: "2025-02-13T17:14:33.271Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-3948
Vulnerability from cvelistv5
Published
2016-04-07 18:00
Modified
2024-08-06 00:10
Severity ?
EPSS score ?
Summary
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
References
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO | |
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
http://rhn.redhat.com/errata/RHSA-2016-2600.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1035458 | vdb-entry, x_refsource_SECTRACK | |
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://www.squid-cache.org/Advisories/SQUID-2016_4.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:10:31.913Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "1035458", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035458", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-02T00:00:00", descriptions: [ { lang: "en", value: "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.", }, ], problemTypes: [ { 
descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-15T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "1035458", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035458", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-3948", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a 
crafted HTTP response, related to Vary headers.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3557-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "1035458", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035458", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-3948", datePublished: "2016-04-07T18:00:00", dateReserved: "2016-04-01T00:00:00", dateUpdated: "2024-08-06T00:10:31.913Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2390
Vulnerability from cvelistv5
Published
2016-04-19 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
References
URL | Tags | |
---|---|---|
http://www.squid-cache.org/Advisories/SQUID-2016_1.txt | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
http://www.securitytracker.com/id/1035045 | vdb-entry, x_refsource_SECTRACK | |
http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html | mailing-list, x_refsource_MLIST | |
http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://bugs.squid-cache.org/show_bug.cgi?id=4437 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:24:49.262Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "1035045", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035045", }, { name: "[squid-announce] 20160216 Squid 4.0.6 beta is available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html", }, { name: "[squid-announce] 20160216 Squid 3.5.14 is available", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4437", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-13T00:00:00", descriptions: [ { lang: "en", value: "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { 
dateUpdated: "2016-11-25T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "1035045", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035045", }, { name: "[squid-announce] 20160216 Squid 4.0.6 beta is available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html", }, { name: "[squid-announce] 20160216 Squid 3.5.14 is available", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4437", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2390", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, 
references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "1035045", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035045", }, { name: "[squid-announce] 20160216 Squid 4.0.6 beta is available", refsource: "MLIST", url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html", }, { name: "[squid-announce] 20160216 Squid 3.5.14 is available", refsource: "MLIST", url: "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "http://bugs.squid-cache.org/show_bug.cgi?id=4437", refsource: "CONFIRM", url: "http://bugs.squid-cache.org/show_bug.cgi?id=4437", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2390", datePublished: "2016-04-19T21:00:00", dateReserved: "2016-02-16T00:00:00", dateUpdated: "2024-08-05T23:24:49.262Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-49285
Vulnerability from cvelistv5
Published
2023-12-04 22:56
Modified
2025-02-13 17:18
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a buffer over-read bug, Squid is vulnerable to a denial-of-service attack against Squid's HTTP message processing. This bug is fixed in Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
Vendor | Product | Version |
---|---|---|
squid-cache | squid | Version: >= 2.2, < 6.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:53:45.105Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9", }, { name: "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b", }, { name: "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470", }, { name: "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240119-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: ">= 2.2, < 6.5", }, ], }, ], descriptions: [ { lang: "en", 
value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-126", description: "CWE-126: Buffer Over-read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-19T16:06:24.188Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9", }, { name: "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b", }, { name: "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470", }, { name: "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch", }, { url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { url: "https://security.netapp.com/advisory/ntap-20240119-0004/", }, ], source: { advisory: "GHSA-8w9r-p88v-mmx9", discovery: "UNKNOWN", }, title: "Denial of Service in HTTP Message Processing in Squid", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-49285", datePublished: "2023-12-04T22:56:55.105Z", dateReserved: "2023-11-24T16:45:24.312Z", dateUpdated: "2025-02-13T17:18:37.933Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-3609
Vulnerability from cvelistv5
Published
2014-09-11 18:00
Modified
2024-08-06 10:50
Summary
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:50:17.607Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "61320", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61320", }, { name: "60179", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60179", }, { name: "SUSE-SU-2014:1140", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html", }, { name: "USN-2327-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2327-1", }, { name: "DSA-3139", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3139", }, { name: "openSUSE-SU-2014:1144", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html", }, { name: "DSA-3014", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-3014", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", }, { name: "RHSA-2014:1147", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1147.html", }, { name: "60334", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60334", }, { name: "69453", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/69453", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", }, { name: "61412", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/61412", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-08-28T00:00:00", descriptions: [ { lang: "en", value: "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-04T17:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "61320", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61320", }, { name: "60179", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60179", }, { name: "SUSE-SU-2014:1140", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html", }, { name: "USN-2327-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2327-1", }, { name: "DSA-3139", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3139", }, { name: "openSUSE-SU-2014:1144", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html", }, { name: "DSA-3014", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-3014", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", }, { name: "RHSA-2014:1147", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-1147.html", }, { name: "60334", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60334", }, { name: "69453", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/69453", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", }, { name: "61412", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/61412", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2014-3609", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "61320", refsource: "SECUNIA", url: "http://secunia.com/advisories/61320", }, { name: "60179", refsource: "SECUNIA", url: "http://secunia.com/advisories/60179", }, { name: "SUSE-SU-2014:1140", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html", }, { name: "USN-2327-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2327-1", }, { name: "DSA-3139", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3139", }, { name: 
"openSUSE-SU-2014:1144", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html", }, { name: "DSA-3014", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-3014", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt", }, { name: "RHSA-2014:1147", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2014-1147.html", }, { name: "60334", refsource: "SECUNIA", url: "http://secunia.com/advisories/60334", }, { name: "69453", refsource: "BID", url: "http://www.securityfocus.com/bid/69453", }, { name: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch", }, { name: "61412", refsource: "SECUNIA", url: "http://secunia.com/advisories/61412", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-3609", datePublished: "2014-09-11T18:00:00", dateReserved: "2014-05-14T00:00:00", dateUpdated: "2024-08-06T10:50:17.607Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4553
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Summary
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:32:25.689Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4501", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035768", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035768", }, { name: "DSA-3625", tags: [ 
"vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-06T00:00:00", descriptions: [ { lang: "en", value: "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4501", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1139", 
tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035768", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035768", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4553", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "http://bugs.squid-cache.org/show_bug.cgi?id=4501", refsource: "CONFIRM", url: "http://bugs.squid-cache.org/show_bug.cgi?id=4501", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt", refsource: "CONFIRM", url: 
"http://www.squid-cache.org/Advisories/SQUID-2016_7.txt", }, { name: "USN-2995-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch", }, { name: "RHSA-2016:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1139", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035768", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035768", }, { name: "DSA-3625", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4553", datePublished: "2016-05-10T19:00:00", dateReserved: "2016-05-06T00:00:00", dateUpdated: "2024-08-06T00:32:25.689Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12525
Vulnerability from cvelistv5
Published
2019-07-11 18:17
Modified
2024-08-04 23:24
Summary
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the Proxy-Authorization header. It searches for certain tokens such as domain, uri, and qop. Squid checks whether the token's value starts with a quote and ends with one. If so, it performs a memcpy of the value's length minus 2. Squid never checks whether the value is just a single quote (which would satisfy both requirements), leading to a memcpy with a length of minus 1 (the one-character value's length, 1, minus 2).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.574Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { name: "USN-4065-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4065-1/", }, { name: "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { name: "USN-4065-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4065-2/", }, { name: "FEDORA-2019-cb50bcc189", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-06-19T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { name: "USN-4065-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4065-1/", }, { name: "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { name: "USN-4065-2", tags: [ 
"vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4065-2/", }, { name: "FEDORA-2019-cb50bcc189", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12525", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. 
Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v4/changesets/", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { name: "https://github.com/squid-cache/squid/commits/v4", refsource: "CONFIRM", url: "https://github.com/squid-cache/squid/commits/v4", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch", }, { name: "USN-4065-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4065-1/", }, { name: "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { name: "USN-4065-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4065-2/", }, { name: "FEDORA-2019-cb50bcc189", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", 
url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12525", datePublished: "2019-07-11T18:17:49", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.574Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28116
Vulnerability from cvelistv5
Published
2021-03-09 21:44
Modified
2024-08-03 21:33
Summary
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as the nobody user.
References
URL | Tags |
---|---|
http://www.squid-cache.org/Versions/ | x_refsource_MISC |
https://www.zerodayinitiative.com/advisories/ZDI-21-157/ | x_refsource_MISC |
https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82 | x_refsource_MISC |
https://security.gentoo.org/glsa/202105-14 | vendor-advisory, x_refsource_GENTOO |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ | vendor-advisory, x_refsource_FEDORA |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ | vendor-advisory, x_refsource_FEDORA |
http://www.openwall.com/lists/oss-security/2021/10/04/1 | mailing-list, x_refsource_MLIST |
https://www.debian.org/security/2022/dsa-5171 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.441Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-157/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82", }, { name: "GLSA-202105-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202105-14", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[oss-security] 20211004 CVE-2021-28116 / ZDI-CAN-11610 / SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/10/04/1", }, { name: "DSA-5171", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5171", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. 
This can be leveraged as part of a chain for remote code execution as nobody.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-28T10:06:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.zerodayinitiative.com/advisories/ZDI-21-157/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82", }, { name: "GLSA-202105-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202105-14", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[oss-security] 20211004 CVE-2021-28116 / ZDI-CAN-11610 / SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/10/04/1", }, { name: "DSA-5171", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5171", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", 
ID: "CVE-2021-28116", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/", refsource: "MISC", url: "http://www.squid-cache.org/Versions/", }, { name: "https://www.zerodayinitiative.com/advisories/ZDI-21-157/", refsource: "MISC", url: "https://www.zerodayinitiative.com/advisories/ZDI-21-157/", }, { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82", refsource: "MISC", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82", }, { name: "GLSA-202105-14", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202105-14", }, { name: "FEDORA-2021-c0bec55ec7", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: 
"[oss-security] 20211004 CVE-2021-28116 / ZDI-CAN-11610 / SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/10/04/1", }, { name: "DSA-5171", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5171", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28116", datePublished: "2021-03-09T21:44:58", dateReserved: "2021-03-09T00:00:00", dateUpdated: "2024-08-03T21:33:17.441Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28651
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 21:47
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:32.975Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=5104", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4", }, { name: "DSA-4924", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. 
When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T04:06:23.574133", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugs.squid-cache.org/show_bug.cgi?id=5104", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4", }, { name: "DSA-4924", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28651", datePublished: "2021-05-27T00:00:00", dateReserved: "2021-03-17T00:00:00", dateUpdated: 
"2024-08-03T21:47:32.975Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-6270
Vulnerability from cvelistv5
Published
2014-09-12 14:00
Modified
2024-08-06 12:10
Summary
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/95873 | vdb-entry, x_refsource_XF | |
https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1139967 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2014/q3/542 | mailing-list, x_refsource_MLIST | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
https://bugzilla.novell.com/show_bug.cgi?id=895773 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2014/q3/550 | mailing-list, x_refsource_MLIST | |
http://www.ubuntu.com/usn/USN-2921-1 | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/69686 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:10:13.341Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "squid-cve20146270-bo(95873)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1139967", }, { name: "[oss-security] 20140909 CVE-Request: squid snmp off-by-one", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/542", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=895773", }, { name: "[oss-security] 20140909 Re: CVE-Request: squid snmp off-by-one", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/550", }, { name: "USN-2921-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2921-1", }, { name: "69686", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/69686", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", 
version: "n/a", }, ], }, ], datePublic: "2014-09-09T00:00:00", descriptions: [ { lang: "en", value: "Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-07T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "squid-cve20146270-bo(95873)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1139967", }, { name: "[oss-security] 20140909 CVE-Request: squid snmp off-by-one", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q3/542", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=895773", }, { name: "[oss-security] 20140909 Re: CVE-Request: squid snmp off-by-one", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q3/550", }, { name: "USN-2921-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: 
"http://www.ubuntu.com/usn/USN-2921-1", }, { name: "69686", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/69686", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-6270", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "squid-cve20146270-bo(95873)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1139967", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1139967", }, { name: "[oss-security] 20140909 CVE-Request: squid snmp off-by-one", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q3/542", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: 
"https://bugzilla.novell.com/show_bug.cgi?id=895773", refsource: "CONFIRM", url: "https://bugzilla.novell.com/show_bug.cgi?id=895773", }, { name: "[oss-security] 20140909 Re: CVE-Request: squid snmp off-by-one", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q3/550", }, { name: "USN-2921-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2921-1", }, { name: "69686", refsource: "BID", url: "http://www.securityfocus.com/bid/69686", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-6270", datePublished: "2014-09-12T14:00:00", dateReserved: "2014-09-09T00:00:00", dateUpdated: "2024-08-06T12:10:13.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-0128
Vulnerability from cvelistv5
Published
2014-04-14 15:00
Modified
2024-08-06 09:05
Summary
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
References
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/57889 | third-party-advisory, x_refsource_SECUNIA | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/57288 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/66112 | vdb-entry, x_refsource_BID | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://www.squid-cache.org/Advisories/SQUID-2014_1.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:38.744Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2014:0513", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html", }, { name: "openSUSE-SU-2014:0559", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html", }, { name: "57889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57889", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "57288", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57288", }, { name: "66112", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/66112", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-04-11T00:00:00", descriptions: [ { lang: "en", value: "Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.", }, ], 
problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-12-15T17:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "openSUSE-SU-2014:0513", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html", }, { name: "openSUSE-SU-2014:0559", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html", }, { name: "57889", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57889", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "57288", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57288", }, { name: "66112", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/66112", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2014-0128", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a 
denial of service (assertion failure) via a crafted range request, related to state management.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2014:0513", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html", }, { name: "openSUSE-SU-2014:0559", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html", }, { name: "57889", refsource: "SECUNIA", url: "http://secunia.com/advisories/57889", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "57288", refsource: "SECUNIA", url: "http://secunia.com/advisories/57288", }, { name: "66112", refsource: "BID", url: "http://www.securityfocus.com/bid/66112", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0128", datePublished: "2014-04-14T15:00:00", dateReserved: "2013-12-03T00:00:00", dateUpdated: "2024-08-06T09:05:38.744Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3455
Vulnerability from cvelistv5
Published
2015-05-18 15:00
Modified
2024-08-06 05:47
Summary
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
References
URL | Tags | |
---|---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html | vendor-advisory, x_refsource_FEDORA | |
http://rhn.redhat.com/errata/RHSA-2015-2378.html | vendor-advisory, x_refsource_REDHAT | |
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html | vendor-advisory, x_refsource_SUSE | |
http://www.securityfocus.com/bid/74438 | vdb-entry, x_refsource_BID | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1032221 | vdb-entry, x_refsource_SECTRACK | |
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
http://advisories.mageia.org/MGASA-2015-0191.html | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:230 | vendor-advisory, x_refsource_MANDRIVA | |
http://www.squid-cache.org/Advisories/SQUID-2015_1.txt | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:47:57.745Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2016-7b40eb9e29", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { name: "RHSA-2015:2378", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2378.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "openSUSE-SU-2015:1546", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html", }, { name: "74438", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74438", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "1032221", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032221", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://advisories.mageia.org/MGASA-2015-0191.html", }, { name: "MDVSA-2015:230", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: 
"2015-05-01T00:00:00", descriptions: [ { lang: "en", value: "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-12-20T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2016-7b40eb9e29", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { name: "RHSA-2015:2378", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2015-2378.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "openSUSE-SU-2015:1546", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html", }, { name: "74438", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74438", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "1032221", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032221", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://advisories.mageia.org/MGASA-2015-0191.html", }, { name: "MDVSA-2015:230", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-3455", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2016-7b40eb9e29", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { name: "RHSA-2015:2378", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2015-2378.html", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "openSUSE-SU-2015:1546", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html", }, { name: "74438", refsource: "BID", url: "http://www.securityfocus.com/bid/74438", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", }, { name: "1032221", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032221", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "http://advisories.mageia.org/MGASA-2015-0191.html", refsource: "CONFIRM", url: "http://advisories.mageia.org/MGASA-2015-0191.html", }, { name: "MDVSA-2015:230", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-3455", datePublished: "2015-05-18T15:00:00", dateReserved: "2015-04-29T00:00:00", dateUpdated: "2024-08-06T05:47:57.745Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-41611
Vulnerability from cvelistv5
Published
2021-10-18 08:56
Modified
2024-08-04 03:15
Summary
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
References
URL | Tags | |
---|---|---|
http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch | x_refsource_MISC | |
https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ | vendor-advisory, x_refsource_FEDORA | |
http://www.openwall.com/lists/oss-security/2021/12/23/2 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T03:15:29.048Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r", }, { name: "FEDORA-2021-15d2f70a07", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/", }, { name: "[oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/12/23/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. 
This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-23T21:06:11", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r", }, { name: "FEDORA-2021-15d2f70a07", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/", }, { name: "[oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/12/23/2", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-41611", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. 
This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch", }, { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r", refsource: "CONFIRM", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r", }, { name: "FEDORA-2021-15d2f70a07", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/", }, { name: "[oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/12/23/2", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-41611", datePublished: "2021-10-18T08:56:16", dateReserved: "2021-09-25T00:00:00", dateUpdated: "2024-08-04T03:15:29.048Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-0308
Vulnerability from cvelistv5
Published
2010-02-03 18:00
Modified
2024-08-07 00:45
Summary
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:45:11.819Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "38451", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38451", }, { name: "38455", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38455", }, { name: "62044", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/62044", }, { name: "37522", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/37522", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch", }, { name: "squid-dns-dos(56001)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/56001", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_1.txt", }, { name: "oval:org.mitre.oval:def:11270", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch", }, { name: "1023520", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1023520", }, { name: "ADV-2010-0260", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: 
"http://www.vupen.com/english/advisories/2010/0260", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-12-27T00:00:00", descriptions: [ { lang: "en", value: "lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-18T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "38451", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38451", }, { name: "38455", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38455", }, { name: "62044", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/62044", }, { name: "37522", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/37522", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch", }, { name: "squid-dns-dos(56001)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/56001", }, { tags: [ "x_refsource_MISC", ], url: "http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_1.txt", }, { name: "oval:org.mitre.oval:def:11270", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270", }, { tags: [ 
"x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch", }, { name: "1023520", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1023520", }, { name: "ADV-2010-0260", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/0260", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-0308", datePublished: "2010-02-03T18:00:00", dateReserved: "2010-01-12T00:00:00", dateUpdated: "2024-08-07T00:45:11.819Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-3072
Vulnerability from cvelistv5
Published
2010-09-20 20:00
Modified
2024-08-07 02:55
Summary
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T02:55:46.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2010-14236", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html", }, { name: "[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/09/05/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=630444", }, { name: "FEDORA-2010-14222", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html", }, { name: "41298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41298", }, { name: "ADV-2010-2433", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/2433", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch", }, { name: "41477", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41477", }, { name: "DSA-2111", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2010/dsa-2111", }, { name: "42982", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/42982", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch", }, { name: "41534", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/41534", }, { name: "SUSE-SR:2010:019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", }, { name: "[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/09/07/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-09-03T00:00:00", descriptions: [ { lang: "en", value: "The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-09-28T09:00:00", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "FEDORA-2010-14236", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html", }, { name: "[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/09/05/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=630444", }, { name: "FEDORA-2010-14222", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html", }, { name: "41298", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41298", }, { name: "ADV-2010-2433", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/2433", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch", }, { name: "41477", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41477", }, { name: "DSA-2111", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2010/dsa-2111", }, { name: "42982", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/42982", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch", }, { name: "41534", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/41534", }, { name: "SUSE-SR:2010:019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", }, { name: "[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/09/07/7", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-3072", datePublished: "2010-09-20T20:00:00", dateReserved: "2010-08-20T00:00:00", dateUpdated: "2024-08-07T02:55:46.853Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4554
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Summary
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:32:25.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "1035769", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035769", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "RHSA-2016:1139", tags: [ 
"vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-06T00:00:00", descriptions: [ { lang: "en", value: "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "1035769", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035769", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4554", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: 
"4.0", description: { description_data: [ { lang: "eng", value: "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch", }, { name: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch", }, { name: "USN-2995-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "1035769", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035769", }, { name: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch", }, { name: "RHSA-2016:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "RHSA-2016:1139", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch", }, { name: "DSA-3625", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4554", datePublished: "2016-05-10T19:00:00", dateReserved: "2016-05-06T00:00:00", dateUpdated: "2024-08-06T00:32:25.859Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12522
Vulnerability from cvelistv5
Published
2020-04-15 19:00
Modified
2024-08-04 23:24
Summary
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
References
URL | Tags | |
---|---|---|
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.888Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-05T11:06:16", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12522", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid through 4.7. 
When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt", refsource: "MISC", url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt", }, { name: "https://security.netapp.com/advisory/ntap-20210205-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12522", datePublished: "2020-04-15T19:00:01", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.888Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25111
Vulnerability from cvelistv5
Published
2024-03-06 18:14
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against its HTTP chunked decoder due to an uncontrolled recursion bug. A remote attacker can cause the Denial of Service by sending a crafted chunked-encoded HTTP message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.
References
Impacted products
Vendor | Product | Version
---|---|---
squid-cache | squid | >= 3.5.27, < 6.8
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "bluexp", vendor: "netapp", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:squid-cache:squid:3.5.27:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "squid", vendor: "squid-cache", versions: [ { lessThan: "6.8", status: "affected", version: "3.5.27", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "38", }, ], }, { cpes: [ "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "fedora", vendor: "fedoraproject", versions: [ { status: "affected", version: "39", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-25111", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-25T16:32:12.720279Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-25T16:34:20.389Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T23:36:21.702Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch", }, { tags: [ "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240605-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: ">= 3.5.27, < 6.8", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. 
There is no workaround for this issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-674", description: "CWE-674: Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T17:12:09.106Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", }, { url: "https://security.netapp.com/advisory/ntap-20240605-0001/", }, ], source: { advisory: "GHSA-72c2-c3wm-8qxc", discovery: "UNKNOWN", }, title: "SQUID-2024:1 Denial of Service in HTTP Chunked Decoding", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-25111", datePublished: "2024-03-06T18:14:28.889Z", dateReserved: "2024-02-05T14:14:46.378Z", dateUpdated: "2025-02-13T17:40:47.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46848
Vulnerability from cvelistv5
Published
2023-11-03 07:58
Modified
2024-11-23 02:54
Severity ?
EPSS score ?
Summary
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
References
URL | Tags
---|---
https://access.redhat.com/errata/RHSA-2023:6266 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6268 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:6748 | vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-46848 | vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2245919 | issue-tracking, x_refsource_REDHAT
https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w |
Impacted products
Vendor | Product | Version
---|---|---
(none given) | squid (package) | 5.0.3 ≤ version < 6.4
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:53:21.945Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-46848", }, { name: "RHBZ#2245919", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245919", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231214-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://github.com/squid-cache/squid", defaultStatus: "unaffected", packageName: "squid", versions: [ { lessThan: "6.4", status: "affected", version: "5.0.3", versionType: "semver", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-5.el9_2.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", 
versions: [ { lessThan: "*", status: "unaffected", version: "7:5.5-6.el9_3.1", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:rhel_eus:9.0::appstream", ], defaultStatus: "affected", packageName: "squid", product: "Red Hat Enterprise Linux 9.0 Extended Update Support", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "7:5.2-1.el9_0.3", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unaffected", packageName: "squid", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unaffected", packageName: "squid", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "unaffected", packageName: "squid:4/squid", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, ], datePublic: "2023-10-19T00:00:00+00:00", descriptions: [ { lang: "en", value: "Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Important", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, format: 
"CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-681", description: "Incorrect Conversion between Numeric Types", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-23T02:54:46.453Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2023:6266", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6266", }, { name: "RHSA-2023:6268", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6268", }, { name: "RHSA-2023:6748", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2023:6748", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-46848", }, { name: "RHBZ#2245919", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245919", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w", }, ], timeline: [ { lang: "en", time: "2023-10-24T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-10-19T00:00:00+00:00", value: "Made public.", }, ], title: "Squid: denial of service in ftp", x_redhatCweChain: "CWE-400->CWE-681: Uncontrolled Resource Consumption leads to Incorrect Conversion between Numeric Types", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-46848", datePublished: "2023-11-03T07:58:05.613Z", dateReserved: "2023-10-27T08:36:38.158Z", dateUpdated: "2024-11-23T02:54:46.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2571
Vulnerability from cvelistv5
Published
2016-02-27 02:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:32:20.940Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "DSA-3522", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3522", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", tags: [ "vdb-entry", "x_refsource_SECTRACK", 
"x_transferred", ], url: "http://www.securitytracker.com/id/1035101", }, { name: "USN-2921-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2921-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-26T00:00:00", descriptions: [ { lang: "en", value: "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-15T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "DSA-3522", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3522", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { name: "openSUSE-SU-2016:2081", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035101", }, { name: "USN-2921-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2921-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2571", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3557-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch", }, { name: 
"http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "DSA-3522", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3522", }, { name: "RHSA-2016:2600", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035101", }, { name: "USN-2921-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2921-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2571", datePublished: "2016-02-27T02:00:00", dateReserved: "2016-02-26T00:00:00", dateUpdated: "2024-08-05T23:32:20.940Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-7141
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
References
URL | Tags
---|---
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt | x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE
http://seclists.org/oss-sec/2014/q3/612 | mailing-list, x_refsource_MLIST
http://secunia.com/advisories/60242 | third-party-advisory, x_refsource_SECUNIA
https://bugzilla.novell.com/show_bug.cgi?id=891268 | x_refsource_CONFIRM
http://www.securityfocus.com/bid/69688 | vdb-entry, x_refsource_BID
http://seclists.org/oss-sec/2014/q3/539 | mailing-list, x_refsource_MLIST
http://ubuntu.com/usn/usn-2422-1 | vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE
http://seclists.org/oss-sec/2014/q3/626 | mailing-list, x_refsource_MLIST
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:40:19.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20140916 Re: CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/612", }, { name: "60242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60242", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, { name: "69688", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/69688", }, { name: "[oss-security] 20140909 CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/539", }, { name: "USN-2422-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://ubuntu.com/usn/usn-2422-1", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/626", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-09T00:00:00", descriptions: [ { lang: "en", value: "The pinger in Squid 3.x before 
3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20140916 Re: CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q3/612", }, { name: "60242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60242", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, { name: "69688", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/69688", }, { name: "[oss-security] 20140909 CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q3/539", }, { name: "USN-2422-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://ubuntu.com/usn/usn-2422-1", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q3/626", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-7141", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { 
product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20140916 Re: CVE-Request: squid pinger remote DoS", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q3/612", }, { name: "60242", refsource: "SECUNIA", url: "http://secunia.com/advisories/60242", }, { name: "https://bugzilla.novell.com/show_bug.cgi?id=891268", refsource: "CONFIRM", url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, { name: "69688", refsource: "BID", url: "http://www.securityfocus.com/bid/69688", }, { name: "[oss-security] 20140909 CVE-Request: squid pinger remote DoS", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q3/539", }, { name: "USN-2422-1", refsource: "UBUNTU", url: "http://ubuntu.com/usn/usn-2422-1", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q3/626", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-7141", 
datePublished: "2014-11-26T15:00:00", dateReserved: "2014-09-22T00:00:00", dateUpdated: "2024-08-06T12:40:19.045Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-25097
Vulnerability from cvelistv5
Published
2021-03-19 04:08
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:26:09.610Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch", }, { name: "DSA-4873", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4873", }, { name: "FEDORA-2021-ecb24e0b9d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/", }, { name: "FEDORA-2021-7d86bec29e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/", }, { name: "FEDORA-2021-76f09062a7", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/", }, { name: "GLSA-202105-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202105-14", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210727-0010/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. 
Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-27T15:06:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch", }, { name: "DSA-4873", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4873", }, { name: "FEDORA-2021-ecb24e0b9d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/", }, { name: "FEDORA-2021-7d86bec29e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/", }, { name: "FEDORA-2021-76f09062a7", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/", }, { name: "GLSA-202105-14", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202105-14", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210727-0010/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-25097", STATE: "PUBLIC", }, affects: { vendor: { 
vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6", refsource: "MISC", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch", }, { name: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch", }, { name: "DSA-4873", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4873", }, { name: "FEDORA-2021-ecb24e0b9d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/", }, { name: "FEDORA-2021-7d86bec29e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/", }, { name: "FEDORA-2021-76f09062a7", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/", }, { name: "GLSA-202105-14", refsource: 
"GENTOO", url: "https://security.gentoo.org/glsa/202105-14", }, { name: "https://security.netapp.com/advisory/ntap-20210727-0010/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210727-0010/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-25097", datePublished: "2021-03-19T04:08:54", dateReserved: "2020-09-03T00:00:00", dateUpdated: "2024-08-04T15:26:09.610Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18860
Vulnerability from cvelistv5
Published
2020-03-20 20:32
Modified
2024-08-05 02:02
Summary
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
References
URL | Tags | |
---|---|---|
https://github.com/squid-cache/squid/pull/504 | x_refsource_CONFIRM | |
https://github.com/squid-cache/squid/pull/505 | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | vendor-advisory, x_refsource_SUSE | |
https://usn.ubuntu.com/4356-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2020/dsa-4732 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:02:39.914Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/504", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/505", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "USN-4356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "DSA-4732", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4732", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-22T14:06:05", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/pull/504", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/505", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { 
name: "USN-4356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "DSA-4732", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4732", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18860", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/pull/504", refsource: "CONFIRM", url: "https://github.com/squid-cache/squid/pull/504", }, { name: "https://github.com/squid-cache/squid/pull/505", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/505", }, { name: "openSUSE-SU-2020:0623", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "USN-4356-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "DSA-4732", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4732", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", 
assignerShortName: "mitre", cveId: "CVE-2019-18860", datePublished: "2020-03-20T20:32:16", dateReserved: "2019-11-11T00:00:00", dateUpdated: "2024-08-05T02:02:39.914Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-0881
Vulnerability from cvelistv5
Published
2015-02-20 11:00
Modified
2024-08-06 04:26
Summary
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
References
URL | Tags | |
---|---|---|
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019 | third-party-advisory, x_refsource_JVNDB | |
http://jvn.jp/en/jp/JVN64455813/index.html | third-party-advisory, x_refsource_JVN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T04:26:11.206Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "JVNDB-2015-000019", tags: [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019", }, { name: "JVN#64455813", tags: [ "third-party-advisory", "x_refsource_JVN", "x_transferred", ], url: "http://jvn.jp/en/jp/JVN64455813/index.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-02-20T00:00:00", descriptions: [ { lang: "en", value: "CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2015-03-02T09:57:00", orgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", shortName: "jpcert", }, references: [ { name: "JVNDB-2015-000019", tags: [ "third-party-advisory", "x_refsource_JVNDB", ], url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019", }, { name: "JVN#64455813", tags: [ "third-party-advisory", "x_refsource_JVN", ], url: "http://jvn.jp/en/jp/JVN64455813/index.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "vultures@jpcert.or.jp", ID: "CVE-2015-0881", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted 
header in a response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "JVNDB-2015-000019", refsource: "JVNDB", url: "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019", }, { name: "JVN#64455813", refsource: "JVN", url: "http://jvn.jp/en/jp/JVN64455813/index.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ede6fdc4-6654-4307-a26d-3331c018e2ce", assignerShortName: "jpcert", cveId: "CVE-2015-0881", datePublished: "2015-02-20T11:00:00", dateReserved: "2015-01-08T00:00:00", dateUpdated: "2024-08-06T04:26:11.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-10002
Vulnerability from cvelistv5
Published
2017-01-27 17:00
Modified
2024-08-06 03:07
Summary
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information. [Note: "If-None-Modified" is the wording of the CVE record; HTTP itself defines the conditional request headers If-None-Match and If-Modified-Since.]
References
URL | Tags | |
---|---|---|
http://www.squid-cache.org/Advisories/SQUID-2016_11.txt | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1037513 | vdb-entry, x_refsource_SECTRACK | |
http://www.openwall.com/lists/oss-security/2016/12/18/1 | mailing-list, x_refsource_MLIST | |
http://rhn.redhat.com/errata/RHSA-2017-0183.html | vendor-advisory, x_refsource_REDHAT | |
http://rhn.redhat.com/errata/RHSA-2017-0182.html | vendor-advisory, x_refsource_REDHAT | |
http://www.securityfocus.com/bid/94953 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3745 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T03:07:31.821Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt", }, { name: "1037513", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1037513", }, { name: "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { name: "RHSA-2017:0183", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0183.html", }, { name: "RHSA-2017:0182", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0182.html", }, { name: "94953", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/94953", }, { name: "DSA-3745", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3745", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-12-17T00:00:00", descriptions: [ { lang: "en", value: "Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. 
Attack requests can easily be crafted by a client to probe a cache for this information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt", }, { name: "1037513", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1037513", }, { name: "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { name: "RHSA-2017:0183", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0183.html", }, { name: "RHSA-2017:0182", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2017-0182.html", }, { name: "94953", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/94953", }, { name: "DSA-3745", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3745", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-10002", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. 
Attack requests can easily be crafted by a client to probe a cache for this information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt", }, { name: "1037513", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1037513", }, { name: "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/12/18/1", }, { name: "RHSA-2017:0183", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0183.html", }, { name: "RHSA-2017:0182", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2017-0182.html", }, { name: "94953", refsource: "BID", url: "http://www.securityfocus.com/bid/94953", }, { name: "DSA-3745", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3745", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-10002", datePublished: "2017-01-27T17:00:00", dateReserved: "2016-12-17T00:00:00", dateUpdated: "2024-08-06T03:07:31.821Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50269
Vulnerability from cvelistv5
Published
2023-12-14 17:09
Modified
2025-02-13 17:19
Summary
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
References
Impacted products
Vendor | Product | Version |
---|---|---|
squid-cache | squid | Version: >= 2.6, <= 2.7.STABLE9; Version: >= 3.1, <= 5.9; Version: >= 6.0.1, < 6.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:16:46.315Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3", }, { name: "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240119-0005/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: ">= 2.6, <= 2.7.STABLE9", }, { status: "affected", version: ">= 3.1, <= 5.9", }, { status: "affected", version: ">= 6.0.1, < 6.6", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. 
This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-674", description: "CWE-674: Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-19T16:06:57.654Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3", }, { name: "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html", }, { url: "https://security.netapp.com/advisory/ntap-20240119-0005/", }, ], source: { advisory: "GHSA-wgq4-4cfg-c4x3", 
discovery: "UNKNOWN", }, title: "SQUID-2023:10 Denial of Service in HTTP Request parsing", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-50269", datePublished: "2023-12-14T17:09:25.168Z", dateReserved: "2023-12-05T20:42:59.381Z", dateUpdated: "2025-02-13T17:19:03.040Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15810
Vulnerability from cvelistv5
Published
2020-09-02 16:34
Modified
2024-08-04 13:30
Summary
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:21.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m", }, { name: "DSA-4751", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "FEDORA-2020-6c58bff862", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. 
When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-26T08:06:39", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m", }, { name: "DSA-4751", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "FEDORA-2020-6c58bff862", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 
[SECURITY] [DLA 2394-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15810", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. 
When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m", refsource: "MISC", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m", }, { name: "DSA-4751", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "FEDORA-2020-6c58bff862", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { name: "https://security.netapp.com/advisory/ntap-20210219-0007/", refsource: "CONFIRM", url: 
"https://security.netapp.com/advisory/ntap-20210219-0007/", }, { name: "https://security.netapp.com/advisory/ntap-20210226-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { name: "https://security.netapp.com/advisory/ntap-20210226-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15810", datePublished: "2020-09-02T16:34:04", dateReserved: "2020-07-17T00:00:00", dateUpdated: "2024-08-04T13:30:21.842Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-2213
Vulnerability from cvelistv5
Published
2012-04-28 10:00
Modified
2024-09-16 22:19
Severity ?
EPSS score ?
Summary
** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br. (The record below carries the "disputed" tag.)
References
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html | mailing-list, x_refsource_BUGTRAQ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T19:26:08.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20120419 RE: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html", }, { name: "20120420 Re: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html", }, { name: "20120418 Re: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html", }, { name: "20120421 Re: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html", }, { name: "20120416 Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html", }, { name: "20120419 Re: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. 
NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-04-28T10:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "20120419 RE: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html", }, { name: "20120420 Re: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html", }, { name: "20120418 Re: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html", }, { name: "20120421 Re: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html", }, { name: "20120416 Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html", }, { name: "20120419 Re: Squid URL Filtering Bypass", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html", }, ], tags: [ "disputed", ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-2213", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: 
"4.0", description: { description_data: [ { lang: "eng", value: "** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20120419 RE: Squid URL Filtering Bypass", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html", }, { name: "20120420 Re: Squid URL Filtering Bypass", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html", }, { name: "20120418 Re: Squid URL Filtering Bypass", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html", }, { name: "20120421 Re: Squid URL Filtering Bypass", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html", }, { name: "20120416 Squid URL Filtering Bypass", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html", }, { name: "20120419 Re: Squid URL Filtering Bypass", refsource: "BUGTRAQ", url: "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-2213", datePublished: "2012-04-28T10:00:00Z", dateReserved: "2012-04-06T00:00:00Z", dateUpdated: "2024-09-16T22:19:37.657Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-1839
Vulnerability from cvelistv5
Published
2013-09-30 20:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/58316 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/52588 | third-party-advisory, x_refsource_SECUNIA | |
http://www.squid-cache.org/Advisories/SQUID-2013_1.txt | x_refsource_CONFIRM | |
http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html | mailing-list, x_refsource_BUGTRAQ | |
http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.openwall.com/lists/oss-security/2013/03/11/7 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T15:13:33.008Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "58316", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/58316", }, { name: "52588", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52588", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt", }, { name: "20130305 Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html", }, { name: "20130307 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html", }, { name: "[oss-security] 20130311 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/03/11/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a \",\" character in an Accept-Language header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-09-30T20:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "58316", tags: [ "vdb-entry", 
"x_refsource_BID", ], url: "http://www.securityfocus.com/bid/58316", }, { name: "52588", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52588", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt", }, { name: "20130305 Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html", }, { name: "20130307 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html", }, { name: "[oss-security] 20130311 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/03/11/7", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-1839", datePublished: "2013-09-30T20:00:00Z", dateReserved: "2013-02-19T00:00:00Z", dateUpdated: "2024-08-06T15:13:33.008Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8449
Vulnerability from cvelistv5
Published
2020-02-04 19:50
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:56:28.402Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { name: "USN-4289-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: "openSUSE-SU-2020:0606", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.10. 
Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-04T12:06:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { name: "USN-4289-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: "openSUSE-SU-2020:0606", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-8449", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.10. 
Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", refsource: "MISC", url: "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch", }, { name: "USN-4289-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: "openSUSE-SU-2020:0606", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "https://security.netapp.com/advisory/ntap-20210304-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-8449", datePublished: "2020-02-04T19:50:21", dateReserved: "2020-01-30T00:00:00", dateUpdated: "2024-08-04T09:56:28.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000027
Vulnerability from cvelistv5
Published
2018-02-09 23:00
Modified
2024-08-05 12:33
Severity ?
EPSS score ?
Summary
The Squid Software Foundation Squid HTTP Caching Proxy, in versions prior to 4.0.23, contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
References
▼ | URL | Tags |
---|---|---|
https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch | x_refsource_CONFIRM | |
https://www.debian.org/security/2018/dsa-4122 | vendor-advisory, x_refsource_DEBIAN | |
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html | mailing-list, x_refsource_MLIST | |
https://github.com/squid-cache/squid/pull/129/files | x_refsource_CONFIRM | |
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch | x_refsource_CONFIRM | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/4059-2/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:33:49.031Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3557-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch", }, { name: "DSA-4122", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4122", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/129/files", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html", }, { name: "USN-4059-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4059-2/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-01-18T00:00:00", datePublic: "2018-01-19T00:00:00", descriptions: [ { lang: "en", value: "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header 
processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-17T15:06:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3557-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch", }, { name: "DSA-4122", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4122", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/pull/129/files", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html", }, { name: "USN-4059-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4059-2/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "1/18/2018 15:05:14", ID: "CVE-2018-1000027", REQUESTER: "squid3@treenet.co.nz", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { 
product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3557-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3557-1/", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch", }, { name: "DSA-4122", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4122", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html", }, { name: "https://github.com/squid-cache/squid/pull/129/files", refsource: "CONFIRM", url: "https://github.com/squid-cache/squid/pull/129/files", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch", }, { name: "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update", refsource: "MLIST", url: 
"https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html", }, { name: "USN-4059-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4059-2/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000027", datePublished: "2018-02-09T23:00:00", dateReserved: "2018-01-29T00:00:00", dateUpdated: "2024-08-05T12:33:49.031Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15811
Vulnerability from cvelistv5
Published
2020-09-02 16:35
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:30:22.344Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv", }, { name: "DSA-4751", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "FEDORA-2020-6c58bff862", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. 
Squid will then deliver two distinct responses to the client, corrupting any downstream caches.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-26T08:06:40", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv", }, { name: "DSA-4751", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "FEDORA-2020-6c58bff862", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: 
"https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15811", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. 
Squid will then deliver two distinct responses to the client, corrupting any downstream caches.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv", refsource: "MISC", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv", }, { name: "DSA-4751", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "FEDORA-2020-6c58bff862", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { name: "https://security.netapp.com/advisory/ntap-20210219-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { name: "https://security.netapp.com/advisory/ntap-20210226-0007/", refsource: "CONFIRM", url: 
"https://security.netapp.com/advisory/ntap-20210226-0007/", }, { name: "https://security.netapp.com/advisory/ntap-20210226-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15811", datePublished: "2020-09-02T16:35:04", dateReserved: "2020-07-17T00:00:00", dateUpdated: "2024-08-04T13:30:22.344Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2572
Vulnerability from cvelistv5
Published
2016-02-27 02:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
References
URL | Tags |
---|---|
https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO |
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt | x_refsource_CONFIRM |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE |
http://rhn.redhat.com/errata/RHSA-2016-2600.html | vendor-advisory, x_refsource_REDHAT |
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch | x_refsource_CONFIRM |
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE |
http://www.openwall.com/lists/oss-security/2016/02/26/2 | mailing-list, x_refsource_MLIST |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE |
http://www.securitytracker.com/id/1035101 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:32:20.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035101", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-26T00:00:00", descriptions: [ { lang: "en", value: "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP 
servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-01-04T19:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035101", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2572", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: 
"CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035101", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2572", datePublished: "2016-02-27T02:00:00", dateReserved: "2016-02-26T00:00:00", dateUpdated: "2024-08-05T23:32:20.993Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2015-5400
Vulnerability from cvelistv5
Published
2015-09-28 20:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:50:02.095Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20150706 Squid HTTP proxy CVE request", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/07/06/8", }, { name: "1032873", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032873", }, { name: "FEDORA-2016-7b40eb9e29", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/07/17/14", }, { name: "[oss-security] 20150709 Re: Squid HTTP proxy CVE request", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/07/09/12", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch", }, { name: "[oss-security] 20150710 Re: Squid HTTP proxy CVE request", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/07/10/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", 
"x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt", }, { name: "DSA-3327", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3327", }, { name: "75553", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/75553", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-07-06T00:00:00", descriptions: [ { lang: "en", value: "Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-09-21T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20150706 Squid HTTP proxy CVE request", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/07/06/8", }, { name: "1032873", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032873", }, { name: "FEDORA-2016-7b40eb9e29", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch", }, { name: "SUSE-SU-2016:1996", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/07/17/14", }, { name: "[oss-security] 20150709 Re: Squid HTTP proxy CVE request", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/07/09/12", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch", }, { name: "[oss-security] 20150710 Re: Squid HTTP proxy CVE request", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/07/10/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt", }, { name: "DSA-3327", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3327", }, { name: "75553", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/75553", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-5400", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: 
"eng", value: "Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20150706 Squid HTTP proxy CVE request", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/07/06/8", }, { name: "1032873", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032873", }, { name: "FEDORA-2016-7b40eb9e29", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/07/17/14", }, { name: "[oss-security] 20150709 Re: Squid HTTP proxy CVE request", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/07/09/12", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch", }, { name: "[oss-security] 20150710 Re: Squid HTTP proxy CVE request", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/07/10/2", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt", }, { name: "DSA-3327", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3327", }, { name: "75553", refsource: "BID", url: "http://www.securityfocus.com/bid/75553", }, { name: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-5400", datePublished: "2015-09-28T20:00:00", dateReserved: "2015-07-06T00:00:00", dateUpdated: "2024-08-06T06:50:02.095Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4556
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:32:25.755Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "1035770", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035770", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: 
"http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-06T00:00:00", descriptions: [ { lang: "en", value: "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "1035770", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035770", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4556", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: 
"CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { name: "USN-2995-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { name: "RHSA-2016:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "1035770", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035770", }, { name: "RHSA-2016:1138", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: 
"http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { name: "RHSA-2016:1139", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { name: "DSA-3625", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4556", datePublished: "2016-05-10T19:00:00", dateReserved: "2016-05-06T00:00:00", dateUpdated: "2024-08-06T00:32:25.755Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-45802
Vulnerability from cvelistv5
Published
2024-10-28 14:36
Modified
2025-01-03 12:04
Severity ?
EPSS score ?
Summary
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Improper Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. Because the fix is stated only for the default build configuration, builds that deviate from it may remain affected; confirm against the linked advisory.
References
URL | Tags |
---|---|
https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
squid-cache | squid | Version: >= 3.0, < 6.10 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "squid", vendor: "squid-cache", versions: [ { lessThan: "6.10", status: "affected", version: "3.0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-45802", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-28T14:47:34.303324Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-28T14:48:42.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-01-03T12:04:26.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "https://security.netapp.com/advisory/ntap-20250103-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: ">= 3.0, < 6.10", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. 
This bug is fixed in the default build configuration of Squid version 6.10.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-28T14:36:13.297Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj", }, ], source: { advisory: "GHSA-f975-v7qw-q7hj", discovery: "UNKNOWN", }, title: "Squid Denial of Service", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-45802", datePublished: "2024-10-28T14:36:13.297Z", dateReserved: "2024-09-09T14:23:07.504Z", dateUpdated: "2025-01-03T12:04:26.853Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41317
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:46.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2022/09/23/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-25T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq", }, { url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch", }, { url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch", }, { url: "https://www.openwall.com/lists/oss-security/2022/09/23/1", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-41317", datePublished: "2022-12-25T00:00:00", dateReserved: "2022-09-23T00:00:00", dateUpdated: "2024-08-03T12:42:46.213Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31808
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:30.120Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { name: "DSA-4924", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. 
Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T04:06:16.573947", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { name: "DSA-4924", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31808", datePublished: "2021-05-27T00:00:00", dateReserved: "2021-04-26T00:00:00", dateUpdated: 
"2024-08-03T23:10:30.120Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-2569
Vulnerability from cvelistv5
Published
2016-02-27 02:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
References
URL | Tags |
---|---|
https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU |
https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO |
http://www.squid-cache.org/Advisories/SQUID-2016_2.txt | x_refsource_CONFIRM |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE |
http://rhn.redhat.com/errata/RHSA-2016-2600.html | vendor-advisory, x_refsource_REDHAT |
http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch | x_refsource_CONFIRM |
http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE |
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch | x_refsource_CONFIRM |
http://www.openwall.com/lists/oss-security/2016/02/26/2 | mailing-list, x_refsource_MLIST |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE |
http://www.securitytracker.com/id/1035101 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T23:32:20.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035101", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", 
vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-02-26T00:00:00", descriptions: [ { lang: "en", value: "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-03-15T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3557-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", 
], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035101", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-2569", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3557-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3557-1/", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "RHSA-2016:2600", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2016-2600.html", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch", 
refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch", }, { name: "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/02/26/2", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "1035101", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035101", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-2569", datePublished: "2016-02-27T02:00:00", dateReserved: "2016-02-26T00:00:00", dateUpdated: "2024-08-05T23:32:20.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11945
Vulnerability from cvelistv5
Published
2020-04-23 14:16
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:42:00.741Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/585", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1170313", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202005-05", }, { name: "FEDORA-2020-848065cc4c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/", }, { name: "FEDORA-2020-a6a921a591", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/", }, { name: "FEDORA-2020-56e809930e", 
tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/", }, { name: "USN-4356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210304-0004/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). 
Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-04T12:06:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/585", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1170313", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202005-05", }, { name: "FEDORA-2020-848065cc4c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/", }, { name: "FEDORA-2020-a6a921a591", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/", }, { name: "FEDORA-2020-56e809930e", 
tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/", }, { name: "USN-4356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210304-0004/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-11945", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). 
Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { name: "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", refsource: "MISC", url: "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch", }, { name: "https://github.com/squid-cache/squid/pull/585", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/585", }, { name: "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811", refsource: "MISC", url: "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811", }, { name: "http://www.openwall.com/lists/oss-security/2020/04/23/2", refsource: "CONFIRM", url: "http://www.openwall.com/lists/oss-security/2020/04/23/2", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1170313", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1170313", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202005-05", }, { name: "FEDORA-2020-848065cc4c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/", }, { name: "FEDORA-2020-a6a921a591", refsource: "FEDORA", 
url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/", }, { name: "FEDORA-2020-56e809930e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/", }, { name: "USN-4356-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "https://security.netapp.com/advisory/ntap-20210304-0004/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210304-0004/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-11945", datePublished: "2020-04-23T14:16:55", dateReserved: "2020-04-20T00:00:00", dateUpdated: "2024-08-04T11:42:00.741Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-5643
Vulnerability from cvelistv5
Published
2012-12-20 11:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:14:15.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-2631", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2631", }, { name: "RHSA-2013:0505", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0505.html", }, { name: "MDVSA-2013:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129", }, { name: "1027890", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1027890", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "openSUSE-SU-2013:1443", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { name: "[oss-security] 20121217 Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2012/12/17/4", }, { name: "52024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/52024", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2012_1.txt", }, { tags: [ 
"x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=887962", }, { name: "54839", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54839", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "openSUSE-SU-2013:0162", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=447596", }, { name: "openSUSE-SU-2013:0186", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368", }, { name: "openSUSE-SU-2013:1436", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { name: "USN-1713-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://ubuntu.com/usn/usn-1713-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-12-17T00:00:00", descriptions: [ { lang: "en", value: "Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { 
dateUpdated: "2016-11-25T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "DSA-2631", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2631", }, { name: "RHSA-2013:0505", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2013-0505.html", }, { name: "MDVSA-2013:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129", }, { name: "1027890", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1027890", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "openSUSE-SU-2013:1443", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { name: "[oss-security] 20121217 Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2012/12/17/4", }, { name: "52024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/52024", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2012_1.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=887962", }, { name: "54839", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54839", }, { name: "SUSE-SU-2016:2089", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "openSUSE-SU-2013:0162", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=447596", }, { name: "openSUSE-SU-2013:0186", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368", }, { name: "openSUSE-SU-2013:1436", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { name: "USN-1713-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://ubuntu.com/usn/usn-1713-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-5643", datePublished: "2012-12-20T11:00:00", dateReserved: "2012-10-24T00:00:00", dateUpdated: "2024-08-06T21:14:15.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4555
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Summary
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:32:25.838Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4455", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "1035770", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035770", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { name: "RHSA-2016:1139", tags: 
[ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3625", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-06T00:00:00", descriptions: [ { lang: "en", value: "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=4455", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "1035770", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035770", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3625", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4555", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "client_side_request.cc in Squid 3.x before 3.5.18 and 
4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://bugs.squid-cache.org/show_bug.cgi?id=4455", refsource: "CONFIRM", url: "http://bugs.squid-cache.org/show_bug.cgi?id=4455", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch", }, { name: "USN-2995-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/05/06/5", }, { name: "RHSA-2016:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "1035770", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035770", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt", }, { name: "RHSA-2016:1139", 
refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/05/06/3", }, { name: "DSA-3625", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3625", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4555", datePublished: "2016-05-10T19:00:00", dateReserved: "2016-05-06T00:00:00", dateUpdated: "2024-08-06T00:32:25.838Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-2621
Vulnerability from cvelistv5
Published
2009-07-28 17:00
Modified
2024-08-07 05:59
Summary
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
References
| URL | Tags |
|---|---|
| http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch | x_refsource_CONFIRM |
| http://www.securitytracker.com/id?1022607 | vdb-entry, x_refsource_SECTRACK |
| http://www.securityfocus.com/bid/35812 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2009/2013 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/36007 | third-party-advisory, x_refsource_SECUNIA |
| http://www.squid-cache.org/Advisories/SQUID-2009_2.txt | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 | vendor-advisory, x_refsource_MANDRIVA |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 | vendor-advisory, x_refsource_MANDRIVA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:59:55.743Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch", }, { name: "1022607", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1022607", }, { name: "35812", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/35812", }, { name: "ADV-2009-2013", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2009/2013", }, { name: "36007", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/36007", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { name: "MDVSA-2009:161", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { name: "MDVSA-2009:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2009-07-27T00:00:00", descriptions: [ { lang: "en", value: "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2009-08-07T09:00:00", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch", }, { name: "1022607", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1022607", }, { name: "35812", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/35812", }, { name: "ADV-2009-2013", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2009/2013", }, { name: "36007", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/36007", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { name: "MDVSA-2009:161", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { name: "MDVSA-2009:178", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2009-2621", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: 
"http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch", }, { name: "1022607", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1022607", }, { name: "35812", refsource: "BID", url: "http://www.securityfocus.com/bid/35812", }, { name: "ADV-2009-2013", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2009/2013", }, { name: "36007", refsource: "SECUNIA", url: "http://secunia.com/advisories/36007", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt", }, { name: "MDVSA-2009:161", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161", }, { name: "MDVSA-2009:178", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2009-2621", datePublished: "2009-07-28T17:00:00", dateReserved: "2009-07-28T00:00:00", dateUpdated: "2024-08-07T05:59:55.743Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1172
Vulnerability from cvelistv5
Published
2018-05-16 21:00
Modified
2024-08-05 03:51
Summary
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
References
| URL | Tags |
|---|---|
| https://zerodayinitiative.com/advisories/ZDI-18-309 | x_refsource_MISC |
| http://www.squid-cache.org/Advisories/SQUID-2018_3.txt | x_refsource_CONFIRM |
Impacted products
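| Vendor | Product | Version |
|---|---|---|
| The Squid Software Foundation | The Squid Software Foundation Squid | 3.5.27-20180318 |

The record names only this one build and gives no affected range, so use the Squid advisory listed under References to determine which releases are affected and which contain the fix.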
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:51:48.966Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://zerodayinitiative.com/advisories/ZDI-18-309", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "The Squid Software Foundation Squid", vendor: "The Squid Software Foundation", versions: [ { status: "affected", version: "3.5.27-20180318", }, ], }, ], datePublic: "2018-04-18T00:00:00", descriptions: [ { lang: "en", value: "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. 
Was ZDI-CAN-6088.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476-NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-16T20:57:01", orgId: "99f1926a-a320-47d8-bbb5-42feb611262e", shortName: "zdi", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://zerodayinitiative.com/advisories/ZDI-18-309", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "zdi-disclosures@trendmicro.com", ID: "CVE-2018-1172", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "The Squid Software Foundation Squid", version: { version_data: [ { version_value: "3.5.27-20180318", }, ], }, }, ], }, vendor_name: "The Squid Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. 
Was ZDI-CAN-6088.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-476-NULL Pointer Dereference", }, ], }, ], }, references: { reference_data: [ { name: "https://zerodayinitiative.com/advisories/ZDI-18-309", refsource: "MISC", url: "https://zerodayinitiative.com/advisories/ZDI-18-309", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "99f1926a-a320-47d8-bbb5-42feb611262e", assignerShortName: "zdi", cveId: "CVE-2018-1172", datePublished: "2018-05-16T21:00:00", dateReserved: "2017-12-05T00:00:00", dateUpdated: "2024-08-05T03:51:48.966Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31807
Vulnerability from cvelistv5
Published
2021-06-08 00:00
Modified
2024-08-03 23:10
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:30.180Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. 
The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T04:06:20.125839", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31807", datePublished: "2021-06-08T00:00:00", dateReserved: "2021-04-26T00:00:00", dateUpdated: "2024-08-03T23:10:30.180Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-0189
Vulnerability from cvelistv5
Published
2013-02-08 20:00
Modified
2024-08-06 14:18
Summary
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T14:18:09.426Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch", }, { name: "DSA-2631", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2013/dsa-2631", }, { name: "MDVSA-2013:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129", }, { name: "USN-1713-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1713-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9", }, { name: "openSUSE-SU-2013:1443", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch", }, { name: "[scm-commits] 20130125 [squid/f17] CVE-2013-0189: Incomplete fix for the CVE-2012-5643", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html", }, { name: "52024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: 
"http://secunia.com/advisories/52024", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743", }, { name: "54839", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54839", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "57646", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/57646", }, { name: "openSUSE-SU-2013:1436", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=895972", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-01-16T00:00:00", descriptions: [ { lang: "en", value: "cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. 
NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch", }, { name: "DSA-2631", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2013/dsa-2631", }, { name: "MDVSA-2013:129", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129", }, { name: "USN-1713-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1713-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9", }, { name: "openSUSE-SU-2013:1443", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch", }, { name: "[scm-commits] 20130125 [squid/f17] CVE-2013-0189: Incomplete fix for the CVE-2012-5643", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html", }, { name: "52024", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: 
"http://secunia.com/advisories/52024", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743", }, { name: "54839", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54839", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "57646", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/57646", }, { name: "openSUSE-SU-2013:1436", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=895972", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-0189", datePublished: "2013-02-08T20:00:00", dateReserved: "2012-12-06T00:00:00", dateUpdated: "2024-08-06T14:18:09.426Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14058
Vulnerability from cvelistv5
Published
2020-06-30 18:30
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
References
▼ | URL | Tags |
---|---|---|
http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch | x_refsource_MISC | |
http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch | x_refsource_MISC | |
http://www.squid-cache.org/Advisories/SQUID-2020_6.txt | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20210312-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:32:14.692Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt", }, { name: "FEDORA-2020-cbebc5617e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-06-19T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. 
This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-12T12:06:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt", }, { name: "FEDORA-2020-cbebc5617e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-14058", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. 
This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt", }, { name: "FEDORA-2020-cbebc5617e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { name: "https://security.netapp.com/advisory/ntap-20210312-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-14058", datePublished: "2020-06-30T18:30:56", dateReserved: "2020-06-13T00:00:00", dateUpdated: "2024-08-04T12:32:14.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-0639
Vulnerability from cvelistv5
Published
2010-02-15 18:00
Modified
2024-08-07 00:52
Severity ?
EPSS score ?
Summary
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
References
▼ | URL | Tags |
---|---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html | vendor-advisory, x_refsource_FEDORA | |
http://osvdb.org/62297 | vdb-entry, x_refsource_OSVDB | |
http://www.squid-cache.org/Advisories/SQUID-2010_2.txt | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2010/0371 | vdb-entry, x_refsource_VUPEN | |
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html | vendor-advisory, x_refsource_FEDORA | |
http://www.vupen.com/english/advisories/2010/0603 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/38812 | third-party-advisory, x_refsource_SECUNIA | |
http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch | x_refsource_MISC | |
http://bugs.squid-cache.org/show_bug.cgi?id=2858 | x_refsource_MISC | |
http://www.securityfocus.com/bid/38212 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1023587 | vdb-entry, x_refsource_SECTRACK | |
http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:52:20.117Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2010-2434", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html", }, { name: "62297", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/62297", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt", }, { name: "ADV-2010-0371", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/0371", }, { name: "FEDORA-2010-3064", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html", }, { name: "ADV-2010-0603", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/0603", }, { name: "38812", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38812", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=2858", }, { name: "38212", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/38212", }, { name: "1023587", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1023587", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, 
], }, ], datePublic: "2010-02-12T00:00:00", descriptions: [ { lang: "en", value: "The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-03-26T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2010-2434", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html", }, { name: "62297", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/62297", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt", }, { name: "ADV-2010-0371", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/0371", }, { name: "FEDORA-2010-3064", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html", }, { name: "ADV-2010-0603", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/0603", }, { name: "38812", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38812", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=2858", }, { name: "38212", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/38212", }, { name: "1023587", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1023587", }, { tags: [ 
"x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-0639", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2010-2434", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html", }, { name: "62297", refsource: "OSVDB", url: "http://osvdb.org/62297", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt", }, { name: "ADV-2010-0371", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0371", }, { name: "FEDORA-2010-3064", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html", }, { name: "ADV-2010-0603", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0603", }, { name: "38812", refsource: "SECUNIA", url: "http://secunia.com/advisories/38812", }, { name: "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch", }, { name: "http://bugs.squid-cache.org/show_bug.cgi?id=2858", 
refsource: "MISC", url: "http://bugs.squid-cache.org/show_bug.cgi?id=2858", }, { name: "38212", refsource: "BID", url: "http://www.securityfocus.com/bid/38212", }, { name: "1023587", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1023587", }, { name: "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-0639", datePublished: "2010-02-15T18:00:00", dateReserved: "2010-02-15T00:00:00", dateUpdated: "2024-08-07T00:52:20.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12521
Vulnerability from cvelistv5
Published
2020-04-15 18:47
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
References
▼ | URL | Tags |
---|---|---|
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2020/04/23/1 | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202005-05 | vendor-advisory, x_refsource_GENTOO | |
https://usn.ubuntu.com/4356-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.850Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt", }, { name: "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202005-05", }, { name: "USN-4356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. 
addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-05T11:06:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt", }, { name: "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202005-05", }, { name: "USN-4356-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12521", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: 
"n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt", refsource: "MISC", url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt", }, { name: "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/04/23/1", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "GLSA-202005-05", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202005-05", }, { name: "USN-4356-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4356-1/", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "https://security.netapp.com/advisory/ntap-20210205-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12521", datePublished: "2020-04-15T18:47:43", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.850Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-4096
Vulnerability from cvelistv5
Published
2011-11-17 19:00
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
References
▼ | URL | Tags |
---|---|---|
http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 | x_refsource_MISC | |
http://www.redhat.com/support/errata/RHSA-2011-1791.html | vendor-advisory, x_refsource_REDHAT | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
http://www.openwall.com/lists/oss-security/2011/10/31/5 | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id?1026265 | vdb-entry, x_refsource_SECTRACK | |
http://www.openwall.com/lists/oss-security/2011/11/01/3 | mailing-list, x_refsource_MLIST | |
http://www.mandriva.com/security/advisories?name=MDVSA-2011:193 | vendor-advisory, x_refsource_MANDRIVA | |
http://secunia.com/advisories/46609 | third-party-advisory, x_refsource_SECUNIA | |
http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://secunia.com/advisories/47459 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:53:32.679Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12", }, { name: "RHSA-2011:1791", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1791.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/10/31/5", }, { name: "1026265", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1026265", }, { name: "[oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2011/11/01/3", }, { name: "MDVSA-2011:193", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193", }, { name: "46609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46609", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "47459", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/47459", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-10-31T00:00:00", descriptions: [ { lang: "en", value: "The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12", }, { name: "RHSA-2011:1791", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1791.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2011/10/31/5", }, { name: "1026265", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1026265", }, { name: "[oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record", tags: [ "mailing-list", "x_refsource_MLIST", 
], url: "http://www.openwall.com/lists/oss-security/2011/11/01/3", }, { name: "MDVSA-2011:193", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193", }, { name: "46609", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46609", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "47459", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/47459", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-4096", datePublished: "2011-11-17T19:00:00", dateReserved: "2011-10-18T00:00:00", dateUpdated: "2024-08-06T23:53:32.679Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46724
Vulnerability from cvelistv5
Published
2023-11-01 19:09
Modified
2025-02-13 17:14
Severity: 8.6 (HIGH), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS score ?
Summary
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
References
Impacted products
Vendor | Product | Version |
---|---|---|
squid-cache | squid | Version: >= 3.3.0.1, < 6.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:53:20.863Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", }, { name: "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", }, { name: "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231208-0001/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46724", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-05T20:13:11.511935Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-05T20:13:29.792Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ 
{ status: "affected", version: ">= 3.3.0.1, < 6.4", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-129", description: "CWE-129: Improper Validation of Array Index", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-786", description: "CWE-786: Access of Memory Location Before Start of Buffer", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-823", description: "CWE-823: Use of Out-of-range Pointer Offset", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-1285", description: "CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: 
"2023-12-29T03:06:29.936Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3", }, { name: "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810", }, { name: "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch", }, { url: "https://security.netapp.com/advisory/ntap-20231208-0001/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, ], source: { advisory: "GHSA-73m6-jm96-c6r3", discovery: "UNKNOWN", }, title: "SQUID-2023:4 Denial of Service in SSL Certificate validation", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-46724", datePublished: "2023-11-01T19:09:34.513Z", dateReserved: "2023-10-25T14:30:33.751Z", dateUpdated: "2025-02-13T17:14:32.361Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-0211
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T21:05:25.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1013045", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1013045", }, { name: "13319", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/13319", }, { name: "VU#886006", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/886006", }, { name: "14076", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/14076", }, { name: "FLSA-2006:152809", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://fedoranews.org/updates/FEDORA--.shtml", }, { name: "12432", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/12432", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch", }, { name: "RHSA-2005:061", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-061.html", }, { name: "oval:org.mitre.oval:def:9573", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573", }, { name: "MDKSA-2005:034", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034", }, { name: "DSA-667", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-667", }, { name: "20050207 [USN-77-1] Squid vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: 
"http://marc.info/?l=bugtraq&m=110780531820947&w=2", }, { name: "SUSE-SA:2005:006", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_06_squid.html", }, { name: "RHSA-2005:060", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-060.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-01-28T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1013045", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1013045", }, { name: "13319", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/13319", }, { name: "VU#886006", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/886006", }, { name: "14076", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/14076", }, { name: "FLSA-2006:152809", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://fedoranews.org/updates/FEDORA--.shtml", }, { name: "12432", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/12432", }, { tags: [ 
"x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch", }, { name: "RHSA-2005:061", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-061.html", }, { name: "oval:org.mitre.oval:def:9573", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573", }, { name: "MDKSA-2005:034", tags: [ "vendor-advisory", "x_refsource_MANDRAKE", ], url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034", }, { name: "DSA-667", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-667", }, { name: "20050207 [USN-77-1] Squid vulnerabilities", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=110780531820947&w=2", }, { name: "SUSE-SA:2005:006", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_06_squid.html", }, { name: "RHSA-2005:060", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-060.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2005-0211", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses 
an incorrect length parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1013045", refsource: "SECTRACK", url: "http://securitytracker.com/id?1013045", }, { name: "13319", refsource: "OSVDB", url: "http://www.osvdb.org/13319", }, { name: "VU#886006", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/886006", }, { name: "14076", refsource: "SECUNIA", url: "http://secunia.com/advisories/14076", }, { name: "FLSA-2006:152809", refsource: "FEDORA", url: "http://fedoranews.org/updates/FEDORA--.shtml", }, { name: "12432", refsource: "BID", url: "http://www.securityfocus.com/bid/12432", }, { name: "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch", }, { name: "RHSA-2005:061", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-061.html", }, { name: "oval:org.mitre.oval:def:9573", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573", }, { name: "MDKSA-2005:034", refsource: "MANDRAKE", url: "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034", }, { name: "DSA-667", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-667", }, { name: "20050207 [USN-77-1] Squid vulnerabilities", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=110780531820947&w=2", }, { name: "SUSE-SA:2005:006", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2005_06_squid.html", }, { name: "RHSA-2005:060", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-060.html", }, { name: "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow", refsource: "CONFIRM", url: 
"http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2005-0211", datePublished: "2005-02-06T05:00:00", dateReserved: "2005-02-01T00:00:00", dateUpdated: "2024-08-07T21:05:25.302Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-31806
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:10:30.236Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { name: "DSA-4924", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. 
Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T04:06:21.884321", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf", }, { url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch", }, { name: "DSA-4924", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { url: "https://security.netapp.com/advisory/ntap-20210716-0007/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-31806", datePublished: "2021-05-27T00:00:00", dateReserved: "2021-04-26T00:00:00", dateUpdated: 
"2024-08-03T23:10:30.236Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12529
Vulnerability from cvelistv5
Published
2019-07-11 18:33
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.470Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch", }, { name: "USN-4065-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4065-1/", }, { name: "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { name: "USN-4065-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4065-2/", }, { name: "FEDORA-2019-cb50bcc189", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-06-19T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. 
An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:10", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/commits/v4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch", }, { name: "USN-4065-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4065-1/", }, { name: "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { name: "USN-4065-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4065-2/", }, { name: "FEDORA-2019-cb50bcc189", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12529", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. 
An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v4/changesets/", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/", }, { name: "https://github.com/squid-cache/squid/commits/v4", refsource: "CONFIRM", url: "https://github.com/squid-cache/squid/commits/v4", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch", }, { name: "USN-4065-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4065-1/", }, { name: "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html", }, { name: "USN-4065-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4065-2/", }, { name: "FEDORA-2019-cb50bcc189", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "DSA-4507", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "openSUSE-SU-2019:2540", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", 
url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12529", datePublished: "2019-07-11T18:33:55", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.470Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-15049
Vulnerability from cvelistv5
Published
2020-06-30 17:55
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header whose length field-value is prefixed with "+", "-", or an uncommon shell whitespace character.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T13:08:21.396Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", }, { name: "FEDORA-2020-cbebc5617e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { name: "DSA-4732", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4732", }, { name: "openSUSE-SU-2020:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "USN-4551-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { 
status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-06-26T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.9, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-12T12:06:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", }, { name: "FEDORA-2020-cbebc5617e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { name: "DSA-4732", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4732", }, { name: "openSUSE-SU-2020:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "USN-4551-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-15049", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. 
The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch", }, { name: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch", }, { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", refsource: "CONFIRM", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5", }, { name: "FEDORA-2020-cbebc5617e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/", }, { name: "DSA-4732", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4732", }, { name: "openSUSE-SU-2020:1346", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "USN-4551-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 
[SECURITY] [DLA 2394-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { name: "https://security.netapp.com/advisory/ntap-20210312-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-15049", datePublished: "2020-06-30T17:55:55", dateReserved: "2020-06-25T00:00:00", dateUpdated: "2024-08-04T13:08:21.396Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-23638
Vulnerability from cvelistv5
Published
2024-01-23 23:23
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid versions older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x versions up to and including 5.9 are vulnerable. All Squid-6.x versions up to and including 6.5 are vulnerable. This bug is fixed in Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`. Because Squid applies the first matching `http_access` rule, the deny line has to come before any rule that would allow the request.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| squid-cache | squid | Version: < 6.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:06:25.310Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx", }, { name: "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b", }, { name: "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8", }, { name: "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html", }, { name: "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240208-0010/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", 
versions: [ { status: "affected", version: "< 6.6", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-825", description: "CWE-825: Expired Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-25T02:06:01.902Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx", }, { name: "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b", }, { name: 
"https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8", }, { name: "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html", tags: [ "x_refsource_MISC", ], url: "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html", }, { name: "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch", }, { name: "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch", tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch", }, { url: "https://security.netapp.com/advisory/ntap-20240208-0010/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/", }, ], source: { advisory: "GHSA-j49p-553x-48rx", discovery: "UNKNOWN", }, title: "SQUID-2023:11 Denial of Service in Cache Manager", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-23638", datePublished: "2024-01-23T23:23:19.070Z", dateReserved: "2024-01-19T00:18:53.232Z", dateUpdated: "2025-02-13T17:39:49.182Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2013-4115
Vulnerability from cvelistv5
Published
2013-08-09 22:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T16:30:50.017Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt", }, { name: "54076", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54076", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "openSUSE-SU-2013:1441", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html", }, { name: "openSUSE-SU-2013:1444", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html", }, { name: "54834", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54834", }, { name: "openSUSE-SU-2013:1443", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch", }, { name: "61111", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/61111", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch", }, { name: "54839", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/54839", }, { tags: [ "x_refsource_CONFIRM", 
"x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "openSUSE-SU-2013:1435", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, { name: "squid-idnsalookup-bo(85564)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564", }, { name: "openSUSE-SU-2013:1436", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { name: "[oss-security] 20130711 Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/07/11/8", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2013-07-10T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt", }, { 
name: "54076", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54076", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "openSUSE-SU-2013:1441", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html", }, { name: "openSUSE-SU-2013:1444", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html", }, { name: "54834", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54834", }, { name: "openSUSE-SU-2013:1443", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch", }, { name: "61111", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/61111", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch", }, { name: "54839", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/54839", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "openSUSE-SU-2013:1435", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, { name: "squid-idnsalookup-bo(85564)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564", }, { name: "openSUSE-SU-2013:1436", tags: [ 
"vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { name: "[oss-security] 20130711 Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/07/11/8", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2013-4115", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt", }, { name: "54076", refsource: "SECUNIA", url: "http://secunia.com/advisories/54076", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "openSUSE-SU-2013:1441", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html", }, { name: "openSUSE-SU-2013:1444", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html", }, { name: "54834", 
refsource: "SECUNIA", url: "http://secunia.com/advisories/54834", }, { name: "openSUSE-SU-2013:1443", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html", }, { name: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch", }, { name: "61111", refsource: "BID", url: "http://www.securityfocus.com/bid/61111", }, { name: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch", }, { name: "54839", refsource: "SECUNIA", url: "http://secunia.com/advisories/54839", }, { name: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "openSUSE-SU-2013:1435", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html", }, { name: "squid-idnsalookup-bo(85564)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564", }, { name: "openSUSE-SU-2013:1436", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html", }, { name: "[oss-security] 20130711 Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/07/11/8", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2013-4115", datePublished: "2013-08-09T22:00:00", dateReserved: "2013-06-12T00:00:00", dateUpdated: "2024-08-06T16:30:50.017Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-46784
Vulnerability from cvelistv5
Published
2022-07-17 00:00
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T05:17:42.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w", }, { tags: [ "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2021-46784", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20221223-0007/", }, { name: "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/1", }, { name: "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/10", }, { name: "[oss-security] 20231021 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/21/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: 
"2023-10-21T23:06:16.659186", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9", }, { url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch", }, { url: "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w", }, { url: "https://security-tracker.debian.org/tracker/CVE-2021-46784", }, { url: "https://security.netapp.com/advisory/ntap-20221223-0007/", }, { name: "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/1", }, { name: "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/13/10", }, { name: "[oss-security] 20231021 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/21/1", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-46784", datePublished: "2022-07-17T00:00:00", dateReserved: "2022-04-21T00:00:00", dateUpdated: "2024-08-04T05:17:42.311Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2011-3205
Vulnerability from cvelistv5
Published
2011-09-06 15:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T23:29:55.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2011:1293", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1293.html", }, { name: "46029", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/46029", }, { name: "45906", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/45906", }, { name: "FEDORA-2011-11854", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "SUSE-SU-2011:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html", }, { name: "1025981", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1025981", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch", }, { name: "45965", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/45965", }, { name: "45805", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/45805", }, { name: 
"DSA-2304", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2011/dsa-2304", }, { name: "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2011/08/30/8", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt", }, { name: "openSUSE-SU-2011:1018", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html", }, { name: "[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2011/08/29/2", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=734583", }, { name: "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://openwall.com/lists/oss-security/2011/08/30/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "49356", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/49356", }, { name: "74847", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/74847", }, { name: "45920", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/45920", }, { name: "MDVSA-2011:150", tags: [ "vendor-advisory", 
"x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2011-08-29T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T20:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2011:1293", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2011-1293.html", }, { name: "46029", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/46029", }, { name: "45906", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/45906", }, { name: "FEDORA-2011-11854", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "SUSE-SU-2011:1019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html", }, { name: "1025981", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1025981", }, { 
tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch", }, { name: "45965", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/45965", }, { name: "45805", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/45805", }, { name: "DSA-2304", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2011/dsa-2304", }, { name: "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2011/08/30/8", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt", }, { name: "openSUSE-SU-2011:1018", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html", }, { name: "[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2011/08/29/2", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=734583", }, { name: "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://openwall.com/lists/oss-security/2011/08/30/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: 
"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "49356", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/49356", }, { name: "74847", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/74847", }, { name: "45920", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/45920", }, { name: "MDVSA-2011:150", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2011-3205", datePublished: "2011-09-06T15:00:00", dateReserved: "2011-08-19T00:00:00", dateUpdated: "2024-08-06T23:29:55.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-24606
Vulnerability from cvelistv5
Published
2020-08-24 17:06
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() in peer_digest.cc mishandles EOF, resulting in a livelock.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:19:08.544Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", }, { name: "DSA-4751", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "FEDORA-2020-6c58bff862", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 
[SECURITY] [DLA 2394-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. 
The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-26T08:06:41", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", }, { name: "DSA-4751", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: 
"FEDORA-2020-6c58bff862", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-24606", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. 
The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", refsource: "MISC", url: "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch", }, { name: "DSA-4751", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4751", }, { name: "USN-4477-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4477-1/", }, { name: "FEDORA-2020-73af8655eb", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/", }, { name: "FEDORA-2020-63f3bd656e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/", }, { name: "openSUSE-SU-2020:1346", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html", }, { name: "openSUSE-SU-2020:1369", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html", }, { name: "FEDORA-2020-6c58bff862", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/", }, { name: "USN-4551-1", refsource: 
"UBUNTU", url: "https://usn.ubuntu.com/4551-1/", }, { name: "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html", }, { name: "https://security.netapp.com/advisory/ntap-20210219-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210219-0007/", }, { name: "https://security.netapp.com/advisory/ntap-20210226-0007/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210226-0007/", }, { name: "https://security.netapp.com/advisory/ntap-20210226-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210226-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-24606", datePublished: "2020-08-24T17:06:24", dateReserved: "2020-08-24T00:00:00", dateUpdated: "2024-08-04T15:19:08.544Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-7142
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
References
URL | Tags | |
---|---|---|
http://www.squid-cache.org/Advisories/SQUID-2014_4.txt | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/60242 | third-party-advisory, x_refsource_SECUNIA | |
https://bugzilla.novell.com/show_bug.cgi?id=891268 | x_refsource_CONFIRM | |
http://seclists.org/oss-sec/2014/q3/613 | mailing-list, x_refsource_MLIST | |
http://seclists.org/oss-sec/2014/q3/539 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/70022 | vdb-entry, x_refsource_BID | |
http://ubuntu.com/usn/usn-2422-1 | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
http://seclists.org/oss-sec/2014/q3/626 | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T12:40:19.097Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "60242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60242", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, { name: "[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/613", }, { name: "[oss-security] 20140909 CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/539", }, { name: "70022", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/70022", }, { name: "USN-2422-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://ubuntu.com/usn/usn-2422-1", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://seclists.org/oss-sec/2014/q3/626", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { 
status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-09-09T00:00:00", descriptions: [ { lang: "en", value: "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "60242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60242", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, { name: "[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q3/613", }, { name: "[oss-security] 20140909 CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q3/539", }, { name: "70022", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/70022", }, { name: "USN-2422-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://ubuntu.com/usn/usn-2422-1", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS", tags: [ "mailing-list", 
"x_refsource_MLIST", ], url: "http://seclists.org/oss-sec/2014/q3/626", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-7142", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", }, { name: "60242", refsource: "SECUNIA", url: "http://secunia.com/advisories/60242", }, { name: "https://bugzilla.novell.com/show_bug.cgi?id=891268", refsource: "CONFIRM", url: "https://bugzilla.novell.com/show_bug.cgi?id=891268", }, { name: "[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q3/613", }, { name: "[oss-security] 20140909 CVE-Request: squid pinger remote DoS", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q3/539", }, { name: "70022", refsource: "BID", url: "http://www.securityfocus.com/bid/70022", }, { name: "USN-2422-1", refsource: "UBUNTU", url: "http://ubuntu.com/usn/usn-2422-1", }, { 
name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS", refsource: "MLIST", url: "http://seclists.org/oss-sec/2014/q3/626", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-7142", datePublished: "2014-11-26T15:00:00", dateReserved: "2014-09-22T00:00:00", dateUpdated: "2024-08-06T12:40:19.097Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4051
Vulnerability from cvelistv5
Published
2016-04-25 14:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:17:30.083Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "1035646", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035646", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: 
"http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/86788", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-20T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.squid-cache.org/Advisories/SQUID-2016_5.txt", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "1035646", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035646", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/86788", }, ], x_legacyV4Record: { 
CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4051", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "1035646", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035646", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", refsource: "REDHAT", url: 
"https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", refsource: "BID", url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "DSA-3625", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", refsource: "BID", url: "http://www.securityfocus.com/bid/86788", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4051", datePublished: "2016-04-25T14:00:00", dateReserved: "2016-04-20T00:00:00", dateUpdated: "2024-08-06T00:17:30.083Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37894
Vulnerability from cvelistv5
Published
2024-06-25 19:39
Modified
2025-02-13 17:53
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
References
Impacted products
Vendor | Product | Version |
---|---|---|
squid-cache | squid | >= 3.0, <= 3.5.28; >= 4.0, <= 4.16; >= 5.0, <= 5.9; >= 6.0, <= 6.9 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37894", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-26T14:07:04.077026Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-26T14:07:11.424Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:57:39.982Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", }, { name: "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240719-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: ">= 3.0, <= 3.5.28", }, { status: "affected", version: ">= 4.0, <= 4.16", }, { status: "affected", version: ">= 5.0, <= 5.9", }, { status: "affected", version: ">= 6.0, <= 6.9", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. 
This error can lead to a Denial of Service attack.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787: Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-19T13:06:23.373Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg", }, { name: "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch", }, { url: "https://security.netapp.com/advisory/ntap-20240719-0001/", }, ], source: { advisory: "GHSA-wgvf-q977-9xjg", discovery: "UNKNOWN", }, title: "Squid vulnerable to heap corruption in ESI assign", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-37894", datePublished: "2024-06-25T19:39:02.376Z", dateReserved: "2024-06-10T19:54:41.361Z", dateUpdated: "2025-02-13T17:53:00.740Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-14059
Vulnerability from cvelistv5
Published
2020-06-30 18:23
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
References
URL | Tags | |
---|---|---|
http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch | x_refsource_MISC | |
http://www.squid-cache.org/Advisories/SQUID-2020_5.txt | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20210312-0001/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:32:14.706Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2020-06-19T00:00:00", descriptions: [ { lang: "en", value: "An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-12T12:06:30", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-14059", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: 
"CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt", }, { name: "https://security.netapp.com/advisory/ntap-20210312-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210312-0001/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-14059", datePublished: "2020-06-30T18:23:39", dateReserved: "2020-06-13T00:00:00", dateUpdated: "2024-08-04T12:32:14.706Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19131
Vulnerability from cvelistv5
Published
2018-11-09 11:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
References
| URL | Tags |
|---|---|
| http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch | x_refsource_MISC |
| http://www.squid-cache.org/Advisories/SQUID-2018_4.txt | x_refsource_MISC |
| https://github.com/squid-cache/squid/pull/306 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:04.024Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/306", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-09T11:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/306", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19131", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.", }, ], }, 
problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt", refsource: "MISC", url: "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt", }, { name: "https://github.com/squid-cache/squid/pull/306", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/306", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19131", datePublished: "2018-11-09T11:00:00Z", dateReserved: "2018-11-09T00:00:00Z", dateUpdated: "2024-09-16T18:33:29.179Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18679
Vulnerability from cvelistv5
Published
2019-11-26 16:14
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers in isolating memory areas to target for remote code execution attacks.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:02:39.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/491", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156324", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/491", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156324", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] 
squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18679", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. 
This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/pull/491", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/491", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1156324", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1156324", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch", }, { name: "USN-4213-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html", }, { name: "GLSA-202003-34", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-34", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: 
"https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18679", datePublished: "2019-11-26T16:14:03", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-05T02:02:39.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28662
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:33.054Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch", }, { name: "DSA-4924", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. 
This header can plausibly occur in benign network traffic.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T04:06:18.298369", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h", }, { url: "https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e", }, { url: "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch", }, { name: "DSA-4924", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28662", datePublished: "2021-05-27T00:00:00", dateReserved: "2021-03-18T00:00:00", dateUpdated: "2024-08-03T21:47:33.054Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-18676
Vulnerability from cvelistv5
Published
2019-11-26 16:23
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.
References
| URL | Tags |
|---|---|
| https://github.com/squid-cache/squid/pull/275 | x_refsource_MISC |
| http://www.squid-cache.org/Advisories/SQUID-2019_8.txt | x_refsource_CONFIRM |
| https://bugzilla.suse.com/show_bug.cgi?id=1156329 | x_refsource_CONFIRM |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4213-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/ | vendor-advisory, x_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/ | vendor-advisory, x_refsource_FEDORA |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4446-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T01:54:14.482Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/275", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4446-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", 
value: "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-05T19:06:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/275", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch", }, { name: "USN-4213-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { 
name: "USN-4446-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4446-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-18676", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/pull/275", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/275", }, { name: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", refsource: "CONFIRM", url: "https://bugzilla.suse.com/show_bug.cgi?id=1156329", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch", refsource: "CONFIRM", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch", }, { name: "USN-4213-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4213-1/", }, { name: "FEDORA-2019-0b16cbdd0e", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/", }, { name: "FEDORA-2019-9538783033", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4446-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-18676", datePublished: "2019-11-26T16:23:49", dateReserved: "2019-11-04T00:00:00", dateUpdated: "2024-08-05T01:54:14.482Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12524
Vulnerability from cvelistv5
Published
2020-04-15 18:35
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL-decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check and gain access to the blocked resource.
References
| URL | Tags |
|---|---|
| https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt | x_refsource_MISC |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST |
| https://usn.ubuntu.com/4446-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4446-1/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. 
This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-02-05T11:06:15", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4446-1/", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12524", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. 
This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt", refsource: "MISC", url: "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, { name: "USN-4446-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4446-1/", }, { name: "https://security.netapp.com/advisory/ntap-20210205-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210205-0006/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12524", datePublished: "2020-04-15T18:35:11", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-4053
Vulnerability from cvelistv5
Published
2016-04-25 14:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:17:30.656Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: 
"https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/86788", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-20T00:00:00", descriptions: [ { lang: "en", value: "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-28T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201607-01", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { tags: [ "x_refsource_CONFIRM", ], url: 
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "SUSE-SU-2016:1996", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/86788", }, ], 
x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-4053", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt", }, { name: "GLSA-201607-01", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201607-01", }, { name: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html", }, { name: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", refsource: "CONFIRM", url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", }, { name: "SUSE-SU-2016:1996", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html", }, { name: "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/20/6", }, { name: "USN-2995-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2995-1", }, { name: "RHSA-2016:1140", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1140", }, { name: "openSUSE-SU-2016:2081", refsource: "SUSE", 
url: "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html", }, { name: "RHSA-2016:1138", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1138", }, { name: "91787", refsource: "BID", url: "http://www.securityfocus.com/bid/91787", }, { name: "RHSA-2016:1139", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2016:1139", }, { name: "SUSE-SU-2016:2089", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html", }, { name: "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2016/04/20/9", }, { name: "1035647", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035647", }, { name: "DSA-3625", refsource: "DEBIAN", url: "http://www.debian.org/security/2016/dsa-3625", }, { name: "86788", refsource: "BID", url: "http://www.securityfocus.com/bid/86788", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-4053", datePublished: "2016-04-25T14:00:00", dateReserved: "2016-04-20T00:00:00", dateUpdated: "2024-08-06T00:17:30.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28652
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 21:47
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:47:33.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=5106", }, { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447", }, { name: "DSA-4924", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. 
over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T04:06:13.161891", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugs.squid-cache.org/show_bug.cgi?id=5106", }, { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447", }, { name: "DSA-4924", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-4924", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-28652", datePublished: "2021-05-27T00:00:00", dateReserved: "2021-03-17T00:00:00", dateUpdated: "2024-08-03T21:47:33.045Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8517
Vulnerability from cvelistv5
Published
2020-02-04 19:54
Modified
2024-08-04 10:03
Summary
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
References
▼ | URL | Tags |
---|---|---|
http://www.squid-cache.org/Advisories/SQUID-2020_3.txt | x_refsource_MISC | |
http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch | x_refsource_MISC | |
https://usn.ubuntu.com/4289-1/ | vendor-advisory, x_refsource_UBUNTU | |
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html | vendor-advisory, x_refsource_SUSE | |
https://security.gentoo.org/glsa/202003-34 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html | vendor-advisory, x_refsource_SUSE | |
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | vendor-advisory, x_refsource_SUSE | |
https://security.netapp.com/advisory/ntap-20210304-0002/ | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:03:46.372Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch", }, { name: "USN-4289-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "openSUSE-SU-2020:0606", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. 
This leads to the Squid process also terminating and a denial of service for all clients using the proxy.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-03-04T12:06:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt", }, { tags: [ "x_refsource_MISC", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch", }, { name: "USN-4289-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "openSUSE-SU-2020:0606", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-8517", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.10. 
Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt", refsource: "MISC", url: "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt", }, { name: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch", refsource: "MISC", url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch", }, { name: "USN-4289-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-34", }, { name: "openSUSE-SU-2020:0606", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "openSUSE-SU-2020:0623", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "https://security.netapp.com/advisory/ntap-20210304-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210304-0002/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-8517", datePublished: "2020-02-04T19:54:31", dateReserved: "2020-02-02T00:00:00", dateUpdated: "2024-08-04T10:03:46.372Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33620
Vulnerability from cvelistv5
Published
2021-05-28 00:00
Modified
2024-08-03 23:58
Summary
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:58:21.468Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch", }, { tags: [ "x_transferred", ], url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/14", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. 
The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-17T04:06:14.805254", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f", }, { url: "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch", }, { url: "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch", }, { name: "FEDORA-2021-c0bec55ec7", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/", }, { name: "FEDORA-2021-24af72ff2c", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/", }, { name: "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html", }, { name: "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2023/10/11/3", }, { name: "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.", tags: [ "mailing-list", ], url: 
"http://seclists.org/fulldisclosure/2023/Oct/14", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33620", datePublished: "2021-05-28T00:00:00", dateReserved: "2021-05-28T00:00:00", dateUpdated: "2024-08-03T23:58:21.468Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-49288
Vulnerability from cvelistv5
Published
2023-12-04 22:49
Modified
2025-02-13 17:18
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of Squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
squid-cache | squid |
Version: >= 3.5, < 6.0.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:53:44.876Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240119-0006/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-49288", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T17:28:35.294191Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T17:38:43.439Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: ">= 3.5, < 6.0.1", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with \"collapsed_forwarding on\" are vulnerable. Configurations with \"collapsed_forwarding off\" or without a \"collapsed_forwarding\" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. 
Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.6, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-19T16:06:26.067Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/", }, { url: "https://security.netapp.com/advisory/ntap-20240119-0006/", }, ], source: { advisory: "GHSA-rj5h-46j6-q2g5", discovery: "UNKNOWN", }, title: "Denial of Service in HTTP Collapsed Forwarding in Squid", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-49288", datePublished: "2023-12-04T22:49:31.317Z", dateReserved: "2023-11-24T16:45:24.312Z", dateUpdated: "2025-02-13T17:18:39.710Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12528
Vulnerability from cvelistv5
Published
2020-02-04 20:07
Modified
2024-08-04 23:24
Summary
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:24:38.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", }, { name: "USN-4289-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: "openSUSE-SU-2020:0606", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], 
title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:17", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", }, { name: "USN-4289-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: "openSUSE-SU-2020:0606", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", tags: [ "vendor-advisory", 
"x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-12528", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", refsource: "CONFIRM", url: "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", }, { name: "USN-4289-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4289-1/", }, { name: "openSUSE-SU-2020:0307", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html", }, { name: "GLSA-202003-34", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202003-34", }, { name: "FEDORA-2020-ab8e7463ab", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/", }, { name: "FEDORA-2020-790296a8f4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/", }, { name: 
"openSUSE-SU-2020:0606", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html", }, { name: "DSA-4682", refsource: "DEBIAN", url: "https://www.debian.org/security/2020/dsa-4682", }, { name: "openSUSE-SU-2020:0623", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-12528", datePublished: "2020-02-04T20:07:15", dateReserved: "2019-06-02T00:00:00", dateUpdated: "2024-08-04T23:24:38.601Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13345
Vulnerability from cvelistv5
Published
2019-07-05 15:45
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:49:24.644Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/pull/429", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=4957", }, { name: "[debian-lts-announce] 20190707 [SECURITY] [DLA 1847-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html", }, { name: "USN-4059-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4059-1/", }, { name: "USN-4059-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/4059-2/", }, { name: "109095", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/109095", }, { name: "FEDORA-2019-c1e06901bc", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/", }, { name: "FEDORA-2019-cb50bcc189", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "openSUSE-SU-2019:1963", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: 
"https://seclists.org/bugtraq/2019/Aug/42", }, { name: "RHSA-2019:3476", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2019:3476", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-10T23:06:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/pull/429", }, { tags: [ "x_refsource_MISC", ], url: "https://bugs.squid-cache.org/show_bug.cgi?id=4957", }, { name: "[debian-lts-announce] 20190707 [SECURITY] [DLA 1847-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html", }, { name: "USN-4059-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4059-1/", }, { name: "USN-4059-2", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/4059-2/", }, { name: "109095", tags: [ 
"vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/109095", }, { name: "FEDORA-2019-c1e06901bc", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/", }, { name: "FEDORA-2019-cb50bcc189", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "openSUSE-SU-2019:1963", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html", }, { name: "DSA-4507", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "RHSA-2019:3476", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2019:3476", }, { name: "openSUSE-SU-2019:2540", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13345", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, 
data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/squid-cache/squid/pull/429", refsource: "MISC", url: "https://github.com/squid-cache/squid/pull/429", }, { name: "https://bugs.squid-cache.org/show_bug.cgi?id=4957", refsource: "MISC", url: "https://bugs.squid-cache.org/show_bug.cgi?id=4957", }, { name: "[debian-lts-announce] 20190707 [SECURITY] [DLA 1847-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html", }, { name: "USN-4059-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4059-1/", }, { name: "USN-4059-2", refsource: "UBUNTU", url: "https://usn.ubuntu.com/4059-2/", }, { name: "109095", refsource: "BID", url: "http://www.securityfocus.com/bid/109095", }, { name: "FEDORA-2019-c1e06901bc", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/", }, { name: "FEDORA-2019-cb50bcc189", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/", }, { name: "openSUSE-SU-2019:1963", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html", }, { name: "DSA-4507", refsource: "DEBIAN", url: "https://www.debian.org/security/2019/dsa-4507", }, { name: "20190825 [SECURITY] [DSA 4507-1] squid security update", refsource: "BUGTRAQ", url: "https://seclists.org/bugtraq/2019/Aug/42", }, { name: "RHSA-2019:3476", refsource: "REDHAT", url: "https://access.redhat.com/errata/RHSA-2019:3476", }, { name: "openSUSE-SU-2019:2540", refsource: "SUSE", url: 
"http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html", }, { name: "openSUSE-SU-2019:2541", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html", }, { name: "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13345", datePublished: "2019-07-05T15:45:45", dateReserved: "2019-07-05T00:00:00", dateUpdated: "2024-08-04T23:49:24.644Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25617
Vulnerability from cvelistv5
Published
2024-02-14 20:55
Modified
2025-02-13 17:40
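Severity: 5.3 (MEDIUM), CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (CVSS v3.1 score from the CNA record below)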
EPSS score ?
Summary
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2.
References
Impacted products
Vendor | Product | Version
---|---|---
squid-cache | squid | Version: < 6.5
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:44:09.683Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr", }, { name: "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240322-0006/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "squid", vendor: "squid-cache", versions: [ { lessThan: "6.5", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-25617", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-16T18:04:53.172761Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-16T18:06:08.382Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "squid", vendor: "squid-cache", versions: [ { status: "affected", version: "< 6.5", }, ], }, ], descriptions: [ { lang: "en", value: "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. 
In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400: Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-182", description: "CWE-182: Collapse of Data into Unsafe Value", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-22T19:06:02.563Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr", }, { name: "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817", tags: [ "x_refsource_MISC", ], url: "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817", }, { url: "https://security.netapp.com/advisory/ntap-20240322-0006/", }, ], source: { advisory: "GHSA-h5x6-w8mv-xfpr", discovery: "UNKNOWN", }, title: "Denial of Service in HTTP Header parser in 
squid proxy", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-25617", datePublished: "2024-02-14T20:55:52.004Z", dateReserved: "2024-02-08T22:26:33.510Z", dateUpdated: "2025-02-13T17:40:50.579Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }