Vulnerabilites related to squid-cache - squid
cve-2022-41317
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:46.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/09/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq"
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch"
},
{
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/09/23/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-41317",
"datePublished": "2022-12-25T00:00:00",
"dateReserved": "2022-09-23T00:00:00",
"dateUpdated": "2024-08-03T12:42:46.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-11945
Vulnerability from cvelistv5
Published
2020-04-23 14:16
Modified
2024-08-04 11:42
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/585"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "FEDORA-2020-848065cc4c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"name": "FEDORA-2020-a6a921a591",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"name": "FEDORA-2020-56e809930e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T12:06:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/585"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "FEDORA-2020-848065cc4c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"name": "FEDORA-2020-a6a921a591",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"name": "FEDORA-2020-56e809930e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"name": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch",
"refsource": "MISC",
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"name": "https://github.com/squid-cache/squid/pull/585",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/585"
},
{
"name": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/04/23/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1170313",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "FEDORA-2020-848065cc4c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"name": "FEDORA-2020-a6a921a591",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"name": "FEDORA-2020-56e809930e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210304-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210304-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11945",
"datePublished": "2020-04-23T14:16:55",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-0128
Vulnerability from cvelistv5
Published
2014-04-14 15:00
Modified
2024-08-06 09:05
Severity ?
EPSS score ?
Summary
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/57889 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/57288 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/66112 | vdb-entry, x_refsource_BID | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://www.squid-cache.org/Advisories/SQUID-2014_1.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2014:0513",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html"
},
{
"name": "openSUSE-SU-2014:0559",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html"
},
{
"name": "57889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57889"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "57288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57288"
},
{
"name": "66112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/66112"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-04-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2014:0513",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html"
},
{
"name": "openSUSE-SU-2014:0559",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html"
},
{
"name": "57889",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57889"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "57288",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57288"
},
{
"name": "66112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/66112"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2014:0513",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html"
},
{
"name": "openSUSE-SU-2014:0559",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html"
},
{
"name": "57889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57889"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "57288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57288"
},
{
"name": "66112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66112"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0128",
"datePublished": "2014-04-14T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2951
Vulnerability from cvelistv5
Published
2010-10-12 20:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2010/08/25/6 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2010/08/24/7 | mailing-list, x_refsource_MLIST | |
| http://bugs.squid-cache.org/show_bug.cgi?id=3009 | x_refsource_CONFIRM | |
| http://marc.info/?l=squid-users&m=128263555724981&w=2 | mailing-list, x_refsource_MLIST | |
| https://bugzilla.redhat.com/show_bug.cgi?id=626927 | x_refsource_CONFIRM | |
| http://bugs.squid-cache.org/show_bug.cgi?id=3021 | x_refsource_CONFIRM | |
| http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072 | x_refsource_CONFIRM | |
| http://bugs.gentoo.org/show_bug.cgi?id=334263 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2010/08/24/6 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2010/08/25/2 | mailing-list, x_refsource_MLIST | |
| http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:45.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"
},
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"
},
{
"name": "[squid-users] 20100824 Squid 3.1.7 is available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"
},
{
"name": "[oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"
},
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-12T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"
},
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"
},
{
"name": "[squid-users] 20100824 Squid 3.1.7 is available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"
},
{
"name": "[oss-security] 20100824 CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"
},
{
"name": "[oss-security] 20100825 Re: CVE Request -- Squid v3.1.6 -- DoS (crash) while processing large DNS replies with no IPv6 resolver present",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-2951",
"datePublished": "2010-10-12T20:00:00Z",
"dateReserved": "2010-08-04T00:00:00Z",
"dateUpdated": "2024-08-07T02:55:45.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18678
Vulnerability from cvelistv5
Published
2019-11-26 16:15
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:38.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/445"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156323"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/445"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156323"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/445",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/445"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1156323",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156323"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt"
},
{
"name": "USN-4213-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18678",
"datePublished": "2019-11-26T16:15:42",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-05T02:02:38.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2855
Vulnerability from cvelistv5
Published
2009-08-18 20:41
Modified
2024-08-07 06:07
Severity ?
EPSS score ?
Summary
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:07:36.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090803 Re: squid DoS in external auth header parser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/03/3"
},
{
"name": "36091",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982"
},
{
"name": "[oss-security] 20090804 Re: squid DoS in external auth header parser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541"
},
{
"name": "1022757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022757"
},
{
"name": "oval:org.mitre.oval:def:10592",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518182"
},
{
"name": "[oss-security] 20090720 squid DoS in external auth header parser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/07/20/10"
},
{
"name": "squid-strlistgetitem-dos(52610)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090803 Re: squid DoS in external auth header parser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/03/3"
},
{
"name": "36091",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982"
},
{
"name": "[oss-security] 20090804 Re: squid DoS in external auth header parser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541"
},
{
"name": "1022757",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022757"
},
{
"name": "oval:org.mitre.oval:def:10592",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518182"
},
{
"name": "[oss-security] 20090720 squid DoS in external auth header parser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/07/20/10"
},
{
"name": "squid-strlistgetitem-dos(52610)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090803 Re: squid DoS in external auth header parser",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/03/3"
},
{
"name": "36091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36091"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982"
},
{
"name": "[oss-security] 20090804 Re: squid DoS in external auth header parser",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/6"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704",
"refsource": "MISC",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704"
},
{
"name": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541"
},
{
"name": "1022757",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022757"
},
{
"name": "oval:org.mitre.oval:def:10592",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=518182",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518182"
},
{
"name": "[oss-security] 20090720 squid DoS in external auth header parser",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/07/20/10"
},
{
"name": "squid-strlistgetitem-dos(52610)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31;filename=diff;att=1;bug=534982"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2855",
"datePublished": "2009-08-18T20:41:00",
"dateReserved": "2009-08-18T00:00:00",
"dateUpdated": "2024-08-07T06:07:36.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4115
Vulnerability from cvelistv5
Published
2013-08-09 22:00
Modified
2024-08-06 16:30
Severity ?
EPSS score ?
Summary
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt"
},
{
"name": "54076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54076"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "openSUSE-SU-2013:1441",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html"
},
{
"name": "openSUSE-SU-2013:1444",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html"
},
{
"name": "54834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54834"
},
{
"name": "openSUSE-SU-2013:1443",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch"
},
{
"name": "61111",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61111"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch"
},
{
"name": "54839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "openSUSE-SU-2013:1435",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
},
{
"name": "squid-idnsalookup-bo(85564)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564"
},
{
"name": "openSUSE-SU-2013:1436",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"name": "[oss-security] 20130711 Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/11/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt"
},
{
"name": "54076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54076"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "openSUSE-SU-2013:1441",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html"
},
{
"name": "openSUSE-SU-2013:1444",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html"
},
{
"name": "54834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54834"
},
{
"name": "openSUSE-SU-2013:1443",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch"
},
{
"name": "61111",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61111"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch"
},
{
"name": "54839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "openSUSE-SU-2013:1435",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
},
{
"name": "squid-idnsalookup-bo(85564)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564"
},
{
"name": "openSUSE-SU-2013:1436",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"name": "[oss-security] 20130711 Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/07/11/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt"
},
{
"name": "54076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54076"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "openSUSE-SU-2013:1441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html"
},
{
"name": "openSUSE-SU-2013:1444",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html"
},
{
"name": "54834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54834"
},
{
"name": "openSUSE-SU-2013:1443",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch"
},
{
"name": "61111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61111"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch"
},
{
"name": "54839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54839"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "openSUSE-SU-2013:1435",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
},
{
"name": "squid-idnsalookup-bo(85564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564"
},
{
"name": "openSUSE-SU-2013:1436",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"name": "[oss-security] 20130711 Re: CVE request: SQUID-2013:2: buffer overflow in HTTP request handling",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/11/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4115",
"datePublished": "2013-08-09T22:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:30:50.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-41318
Vulnerability from cvelistv5
Published
2022-12-25 00:00
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:44.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2022/09/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-25T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78"
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch"
},
{
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/09/23/2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-41318",
"datePublished": "2022-12-25T00:00:00",
"dateReserved": "2022-09-23T00:00:00",
"dateUpdated": "2024-08-03T12:42:44.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28652
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5106"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T04:06:13.161891",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5106"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28652",
"datePublished": "2021-05-27T00:00:00",
"dateReserved": "2021-03-17T00:00:00",
"dateUpdated": "2024-08-03T21:47:33.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31807
Vulnerability from cvelistv5
Published
2021-06-08 00:00
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T04:06:20.125839",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31807",
"datePublished": "2021-06-08T00:00:00",
"dateReserved": "2021-04-26T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14059
Vulnerability from cvelistv5
Published
2020-06-30 18:23
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch | x_refsource_MISC | |
| http://www.squid-cache.org/Advisories/SQUID-2020_5.txt | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20210312-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.706Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T12:06:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14059",
"datePublished": "2020-06-30T18:23:39",
"dateReserved": "2020-06-13T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4052
Vulnerability from cvelistv5
Published
2016-04-25 14:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:29.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/86788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4052",
"datePublished": "2016-04-25T14:00:00",
"dateReserved": "2016-04-20T00:00:00",
"dateUpdated": "2024-08-06T00:17:29.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10002
Vulnerability from cvelistv5
Published
2017-01-27 17:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Advisories/SQUID-2016_11.txt | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1037513 | vdb-entry, x_refsource_SECTRACK | |
| http://www.openwall.com/lists/oss-security/2016/12/18/1 | mailing-list, x_refsource_MLIST | |
| http://rhn.redhat.com/errata/RHSA-2017-0183.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2017-0182.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/94953 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2016/dsa-3745 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.821Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
},
{
"name": "1037513",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037513"
},
{
"name": "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"name": "RHSA-2017:0183",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0183.html"
},
{
"name": "RHSA-2017:0182",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0182.html"
},
{
"name": "94953",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94953"
},
{
"name": "DSA-3745",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3745"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
},
{
"name": "1037513",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037513"
},
{
"name": "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"name": "RHSA-2017:0183",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0183.html"
},
{
"name": "RHSA-2017:0182",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2017-0182.html"
},
{
"name": "94953",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94953"
},
{
"name": "DSA-3745",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3745"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
},
{
"name": "1037513",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037513"
},
{
"name": "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"name": "RHSA-2017:0183",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0183.html"
},
{
"name": "RHSA-2017:0182",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0182.html"
},
{
"name": "94953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94953"
},
{
"name": "DSA-3745",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3745"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10002",
"datePublished": "2017-01-27T17:00:00",
"dateReserved": "2016-12-17T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4554
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.859Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "1035769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035769"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "1035769",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035769"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "1035769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035769"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4554",
"datePublished": "2016-05-10T19:00:00",
"dateReserved": "2016-05-06T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12854
Vulnerability from cvelistv5
Published
2019-08-15 16:15
Modified
2024-08-04 23:32
Severity ?
EPSS score ?
Summary
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Advisories/SQUID-2019_1.txt | x_refsource_MISC | |
| https://bugs.squid-cache.org/show_bug.cgi?id=4937 | x_refsource_MISC | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/ | x_refsource_CONFIRM | |
| https://www.debian.org/security/2019/dsa-4507 | vendor-advisory, x_refsource_DEBIAN | |
| https://seclists.org/bugtraq/2019/Aug/42 | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4213-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4937"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4213-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-04T19:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4937"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4213-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt"
},
{
"name": "https://bugs.squid-cache.org/show_bug.cgi?id=4937",
"refsource": "MISC",
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4937"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/",
"refsource": "CONFIRM",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "USN-4213-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4213-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12854",
"datePublished": "2019-08-15T16:15:23",
"dateReserved": "2019-06-16T00:00:00",
"dateUpdated": "2024-08-04T23:32:55.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7141
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Advisories/SQUID-2014_4.txt | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://seclists.org/oss-sec/2014/q3/612 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/60242 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.novell.com/show_bug.cgi?id=891268 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/69688 | vdb-entry, x_refsource_BID | |
| http://seclists.org/oss-sec/2014/q3/539 | mailing-list, x_refsource_MLIST | |
| http://ubuntu.com/usn/usn-2422-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://seclists.org/oss-sec/2014/q3/626 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20140916 Re: CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/612"
},
{
"name": "60242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"name": "69688",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69688"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"name": "USN-2422-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20140916 Re: CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/612"
},
{
"name": "60242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"name": "69688",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69688"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"name": "USN-2422-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20140916 Re: CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/612"
},
{
"name": "60242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60242"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=891268",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"name": "69688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69688"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"name": "USN-2422-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7141",
"datePublished": "2014-11-26T15:00:00",
"dateReserved": "2014-09-22T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-9749
Vulnerability from cvelistv5
Published
2015-11-06 21:00
Modified
2024-08-06 13:55
Severity ?
EPSS score ?
Summary
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/10/01/1 | mailing-list, x_refsource_MLIST | |
| http://bugs.squid-cache.org/show_bug.cgi?id=4066 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2015/10/11/4 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2015/10/12/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:55:04.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4066"
},
{
"name": "[oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/4"
},
{
"name": "openSUSE-SU-2015:1835",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html"
},
{
"name": "[oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/12/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-11-06T20:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4066"
},
{
"name": "[oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/4"
},
{
"name": "openSUSE-SU-2015:1835",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html"
},
{
"name": "[oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/10/12/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20151001 CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/1"
},
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=4066",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4066"
},
{
"name": "[oss-security] 20151011 Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/4"
},
{
"name": "openSUSE-SU-2015:1835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html"
},
{
"name": "[oss-security] 20151012 Re: Re: CVE Request: squid: Nonce replay vulnerability in Digest authentication",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/10/12/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9749",
"datePublished": "2015-11-06T21:00:00",
"dateReserved": "2015-10-04T00:00:00",
"dateUpdated": "2024-08-06T13:55:04.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-50269
Vulnerability from cvelistv5
Published
2023-12-14 17:09
Modified
2025-02-13 17:19
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: >= 2.6, <= 2.7.STABLE9 Version: >= 3.1, <= 5.9 Version: >= 6.0.1, < 6.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:16:46.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.6, \u003c= 2.7.STABLE9"
},
{
"status": "affected",
"version": "\u003e= 3.1, \u003c= 5.9"
},
{
"status": "affected",
"version": "\u003e= 6.0.1, \u003c 6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T16:06:57.654Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0005/"
}
],
"source": {
"advisory": "GHSA-wgq4-4cfg-c4x3",
"discovery": "UNKNOWN"
},
"title": "SQUID-2023:10 Denial of Service in HTTP Request parsing"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-50269",
"datePublished": "2023-12-14T17:09:25.168Z",
"dateReserved": "2023-12-05T20:42:59.381Z",
"dateUpdated": "2025-02-13T17:19:03.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19132
Vulnerability from cvelistv5
Published
2018-11-09 11:00
Modified
2024-08-05 11:30
Severity ?
EPSS score ?
Summary
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/squid-cache/squid/pull/313 | x_refsource_MISC | |
| http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch | x_refsource_MISC | |
| http://www.squid-cache.org/Advisories/SQUID-2018_5.txt | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4059-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:03.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/313"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA 1596-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html"
},
{
"name": "USN-4059-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/313"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA 1596-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html"
},
{
"name": "USN-4059-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/313",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/313"
},
{
"name": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt"
},
{
"name": "[debian-lts-announce] 20181126 [SECURITY] [DLA 1596-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html"
},
{
"name": "USN-4059-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19132",
"datePublished": "2018-11-09T11:00:00",
"dateReserved": "2018-11-09T00:00:00",
"dateUpdated": "2024-08-05T11:30:03.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2570
Vulnerability from cvelistv5
Published
2016-02-27 02:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.squid-cache.org/Advisories/SQUID-2016_2.txt | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-2600.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
| http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/02/26/2 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id/1035101 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3557-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch"
},
{
"name": "RHSA-2016:2600",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2570",
"datePublished": "2016-02-27T02:00:00",
"dateReserved": "2016-02-26T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4053
Vulnerability from cvelistv5
Published
2016-04-25 14:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/86788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4053",
"datePublished": "2016-04-25T14:00:00",
"dateReserved": "2016-04-20T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1172
Vulnerability from cvelistv5
Published
2018-05-16 21:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
References
| ▼ | URL | Tags |
|---|---|---|
| https://zerodayinitiative.com/advisories/ZDI-18-309 | x_refsource_MISC | |
| http://www.squid-cache.org/Advisories/SQUID-2018_3.txt | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Squid Software Foundation | The Squid Software Foundation Squid |
Version: 3.5.27-20180318 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://zerodayinitiative.com/advisories/ZDI-18-309"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "The Squid Software Foundation Squid",
"vendor": "The Squid Software Foundation",
"versions": [
{
"status": "affected",
"version": "3.5.27-20180318"
}
]
}
],
"datePublic": "2018-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476-NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-16T20:57:01",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://zerodayinitiative.com/advisories/ZDI-18-309"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-1172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The Squid Software Foundation Squid",
"version": {
"version_data": [
{
"version_value": "3.5.27-20180318"
}
]
}
}
]
},
"vendor_name": "The Squid Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476-NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-309",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-309"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2018-1172",
"datePublished": "2018-05-16T21:00:00",
"dateReserved": "2017-12-05T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-1839
Vulnerability from cvelistv5
Published
2013-09-30 20:00
Modified
2024-08-06 15:13
Severity ?
EPSS score ?
Summary
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/58316 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/52588 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.squid-cache.org/Advisories/SQUID-2013_1.txt | x_refsource_CONFIRM | |
| http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.openwall.com/lists/oss-security/2013/03/11/7 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "58316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58316"
},
{
"name": "52588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt"
},
{
"name": "20130305 Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html"
},
{
"name": "20130307 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html"
},
{
"name": "[oss-security] 20130311 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/11/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a \",\" character in an Accept-Language header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-30T20:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "58316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58316"
},
{
"name": "52588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt"
},
{
"name": "20130305 Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html"
},
{
"name": "20130307 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html"
},
{
"name": "[oss-security] 20130311 Re: Squid 3.2.7 DoS (loop, 100% cpu) strHdrAcptLangGetItem() at errorpage.cc",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/03/11/7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1839",
"datePublished": "2013-09-30T20:00:00Z",
"dateReserved": "2013-02-19T00:00:00Z",
"dateUpdated": "2024-08-06T15:13:33.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5643
Vulnerability from cvelistv5
Published
2012-12-20 11:00
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:15.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-2631",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2631"
},
{
"name": "RHSA-2013:0505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0505.html"
},
{
"name": "MDVSA-2013:129",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129"
},
{
"name": "1027890",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027890"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "openSUSE-SU-2013:1443",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"name": "[oss-security] 20121217 Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/12/17/4"
},
{
"name": "52024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52024"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2012_1.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962"
},
{
"name": "54839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54839"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "openSUSE-SU-2013:0162",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=447596"
},
{
"name": "openSUSE-SU-2013:0186",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368"
},
{
"name": "openSUSE-SU-2013:1436",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"name": "USN-1713-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-1713-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-2631",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2631"
},
{
"name": "RHSA-2013:0505",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0505.html"
},
{
"name": "MDVSA-2013:129",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129"
},
{
"name": "1027890",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027890"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "openSUSE-SU-2013:1443",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"name": "[oss-security] 20121217 Re: CVE Request -- SQUID-2012:1 / Squid: DoS (excessive resource consumption) via invalid Content-Length headers or via memory leaks",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/12/17/4"
},
{
"name": "52024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52024"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2012_1.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962"
},
{
"name": "54839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54839"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "openSUSE-SU-2013:0162",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=447596"
},
{
"name": "openSUSE-SU-2013:0186",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368"
},
{
"name": "openSUSE-SU-2013:1436",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"name": "USN-1713-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-1713-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5643",
"datePublished": "2012-12-20T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:15.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-6270
Vulnerability from cvelistv5
Published
2014-09-12 14:00
Modified
2024-08-06 12:10
Severity ?
EPSS score ?
Summary
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95873 | vdb-entry, x_refsource_XF | |
| https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1139967 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2014/q3/542 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| https://bugzilla.novell.com/show_bug.cgi?id=895773 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2014/q3/550 | mailing-list, x_refsource_MLIST | |
| http://www.ubuntu.com/usn/USN-2921-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://www.securityfocus.com/bid/69686 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.341Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "squid-cve20146270-bo(95873)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139967"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid snmp off-by-one",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/542"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=895773"
},
{
"name": "[oss-security] 20140909 Re: CVE-Request: squid snmp off-by-one",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/550"
},
{
"name": "USN-2921-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2921-1"
},
{
"name": "69686",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69686"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "squid-cve20146270-bo(95873)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139967"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid snmp off-by-one",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/542"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=895773"
},
{
"name": "[oss-security] 20140909 Re: CVE-Request: squid snmp off-by-one",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/550"
},
{
"name": "USN-2921-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2921-1"
},
{
"name": "69686",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69686"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-6270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "squid-cve20146270-bo(95873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1139967",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139967"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid snmp off-by-one",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/542"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=895773",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=895773"
},
{
"name": "[oss-security] 20140909 Re: CVE-Request: squid snmp off-by-one",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/550"
},
{
"name": "USN-2921-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2921-1"
},
{
"name": "69686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69686"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-6270",
"datePublished": "2014-09-12T14:00:00",
"dateReserved": "2014-09-09T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46846
Vulnerability from cvelistv5
Published
2023-11-03 07:33
Modified
2025-01-27 07:40
Severity ?
EPSS score ?
Summary
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 2.6 ≤ |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:6266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"name": "RHSA-2023:6267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6267"
},
{
"name": "RHSA-2023:6268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"name": "RHSA-2023:6748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"name": "RHSA-2023:6801",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6801"
},
{
"name": "RHSA-2023:6803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6803"
},
{
"name": "RHSA-2023:6804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6804"
},
{
"name": "RHSA-2023:6810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6810"
},
{
"name": "RHSA-2023:7213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46846"
},
{
"name": "RHBZ#2245910",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-19T21:18:15.819621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:31:21.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/squid-cache/squid",
"defaultStatus": "unaffected",
"packageName": "squid",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "2.6",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:3.5.20-17.el7_9.13",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231030214932.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231030224841.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.1::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8010020231101141358.c27ad7f8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231101135052.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231101135052.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231101135052.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231101101624.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231101101624.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231101101624.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231031165747.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-5.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-6.el9_3.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.2-1.el9_0.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "squid34",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"datePublic": "2023-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T07:40:08.286Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:6266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"name": "RHSA-2023:6267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6267"
},
{
"name": "RHSA-2023:6268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"name": "RHSA-2023:6748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"name": "RHSA-2023:6801",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6801"
},
{
"name": "RHSA-2023:6803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6803"
},
{
"name": "RHSA-2023:6804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6804"
},
{
"name": "RHSA-2023:6810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6810"
},
{
"name": "RHSA-2023:7213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7213"
},
{
"name": "RHSA-2024:11049",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:11049"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46846"
},
{
"name": "RHBZ#2245910",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Squid: request/response smuggling in http/1.1 and icap",
"x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-46846",
"datePublished": "2023-11-03T07:33:16.184Z",
"dateReserved": "2023-10-27T08:36:38.158Z",
"dateUpdated": "2025-01-27T07:40:08.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18676
Vulnerability from cvelistv5
Published
2019-11-26 16:23
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/squid-cache/squid/pull/275 | x_refsource_MISC | |
| http://www.squid-cache.org/Advisories/SQUID-2019_8.txt | x_refsource_CONFIRM | |
| https://bugzilla.suse.com/show_bug.cgi?id=1156329 | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4213-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/ | vendor-advisory, x_refsource_FEDORA | |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4446-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/275"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4446-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T19:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/275"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4446-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/275",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/275"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1156329",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch"
},
{
"name": "USN-4213-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4446-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18676",
"datePublished": "2019-11-26T16:23:49",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15810
Vulnerability from cvelistv5
Published
2020-09-02 16:34
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:21.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m"
},
{
"name": "DSA-4751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T08:06:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m"
},
{
"name": "DSA-4751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m"
},
{
"name": "DSA-4751",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210219-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210226-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210226-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15810",
"datePublished": "2020-09-02T16:34:04",
"dateReserved": "2020-07-17T00:00:00",
"dateUpdated": "2024-08-04T13:30:21.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28651
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:32.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5104"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T04:06:23.574133",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5104"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28651",
"datePublished": "2021-05-27T00:00:00",
"dateReserved": "2021-03-17T00:00:00",
"dateUpdated": "2024-08-03T21:47:32.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4054
Vulnerability from cvelistv5
Published
2016-04-25 14:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/86788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "1035647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035647"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4054",
"datePublished": "2016-04-25T14:00:00",
"dateReserved": "2016-04-20T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25097
Vulnerability from cvelistv5
Published
2021-03-19 04:08
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:26:09.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch"
},
{
"name": "DSA-4873",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4873"
},
{
"name": "FEDORA-2021-ecb24e0b9d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/"
},
{
"name": "FEDORA-2021-7d86bec29e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/"
},
{
"name": "FEDORA-2021-76f09062a7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/"
},
{
"name": "GLSA-202105-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-27T15:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch"
},
{
"name": "DSA-4873",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4873"
},
{
"name": "FEDORA-2021-ecb24e0b9d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/"
},
{
"name": "FEDORA-2021-7d86bec29e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/"
},
{
"name": "FEDORA-2021-76f09062a7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/"
},
{
"name": "GLSA-202105-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0010/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-25097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch"
},
{
"name": "DSA-4873",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4873"
},
{
"name": "FEDORA-2021-ecb24e0b9d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/"
},
{
"name": "FEDORA-2021-7d86bec29e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/"
},
{
"name": "FEDORA-2021-76f09062a7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/"
},
{
"name": "GLSA-202105-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210727-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210727-0010/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-25097",
"datePublished": "2021-03-19T04:08:54",
"dateReserved": "2020-09-03T00:00:00",
"dateUpdated": "2024-08-04T15:26:09.610Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25617
Vulnerability from cvelistv5
Published
2024-02-14 20:55
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: < 6.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr"
},
{
"name": "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"lessThan": "6.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25617",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T18:04:53.172761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T18:06:08.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-182",
"description": "CWE-182: Collapse of Data into Unsafe Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-22T19:06:02.563Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr"
},
{
"name": "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240322-0006/"
}
],
"source": {
"advisory": "GHSA-h5x6-w8mv-xfpr",
"discovery": "UNKNOWN"
},
"title": "Denial of Service in HTTP Header parser in squid proxy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25617",
"datePublished": "2024-02-14T20:55:52.004Z",
"dateReserved": "2024-02-08T22:26:33.510Z",
"dateUpdated": "2025-02-13T17:40:50.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-19131
Vulnerability from cvelistv5
Published
2018-11-09 11:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch | x_refsource_MISC | |
| http://www.squid-cache.org/Advisories/SQUID-2018_4.txt | x_refsource_MISC | |
| https://github.com/squid-cache/squid/pull/306 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:30:04.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/306"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-09T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/306"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"
},
{
"name": "https://github.com/squid-cache/squid/pull/306",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/306"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19131",
"datePublished": "2018-11-09T11:00:00Z",
"dateReserved": "2018-11-09T00:00:00Z",
"dateUpdated": "2024-09-16T18:33:29.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18860
Vulnerability from cvelistv5
Published
2020-03-20 20:32
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/squid-cache/squid/pull/504 | x_refsource_CONFIRM | |
| https://github.com/squid-cache/squid/pull/505 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | vendor-advisory, x_refsource_SUSE | |
| https://usn.ubuntu.com/4356-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2020/dsa-4732 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "DSA-4732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-22T14:06:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "DSA-4732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/504",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"name": "https://github.com/squid-cache/squid/pull/505",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "DSA-4732",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4732"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18860",
"datePublished": "2020-03-20T20:32:16",
"dateReserved": "2019-11-11T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2621
Vulnerability from cvelistv5
Published
2009-07-28 17:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1022607 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/35812 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/2013 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/36007 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.squid-cache.org/Advisories/SQUID-2009_2.txt | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:55.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch"
},
{
"name": "1022607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022607"
},
{
"name": "35812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35812"
},
{
"name": "ADV-2009-2013",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2013"
},
{
"name": "36007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"name": "MDVSA-2009:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"name": "MDVSA-2009:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-07T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch"
},
{
"name": "1022607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022607"
},
{
"name": "35812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35812"
},
{
"name": "ADV-2009-2013",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2013"
},
{
"name": "36007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"name": "MDVSA-2009:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"name": "MDVSA-2009:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-2621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch"
},
{
"name": "1022607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022607"
},
{
"name": "35812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35812"
},
{
"name": "ADV-2009-2013",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2013"
},
{
"name": "36007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36007"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"name": "MDVSA-2009:161",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"name": "MDVSA-2009:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-2621",
"datePublished": "2009-07-28T17:00:00",
"dateReserved": "2009-07-28T00:00:00",
"dateUpdated": "2024-08-07T05:59:55.743Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46847
Vulnerability from cvelistv5
Published
2023-11-03 07:58
Modified
2024-11-23 02:54
Severity ?
EPSS score ?
Summary
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 3.2.0.1 < 6.4 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:6266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"name": "RHSA-2023:6267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6267"
},
{
"name": "RHSA-2023:6268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"name": "RHSA-2023:6748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"name": "RHSA-2023:6801",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6801"
},
{
"name": "RHSA-2023:6803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6803"
},
{
"name": "RHSA-2023:6804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6804"
},
{
"name": "RHSA-2023:6805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6805"
},
{
"name": "RHSA-2023:6810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6810"
},
{
"name": "RHSA-2023:6882",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6882"
},
{
"name": "RHSA-2023:6884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6884"
},
{
"name": "RHSA-2023:7213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7213"
},
{
"name": "RHSA-2023:7576",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7576"
},
{
"name": "RHSA-2023:7578",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7578"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46847"
},
{
"name": "RHBZ#2245916",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245916"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/squid-cache/squid",
"defaultStatus": "unaffected",
"packageName": "squid",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "3.2.0.1",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "squid34",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:3.4.14-15.el6_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 6 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:3.1.23-24.el6_10.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7::server",
"cpe:/o:redhat:enterprise_linux:7::workstation"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:3.5.20-17.el7_9.9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:7.6::server"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 7.6 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:3.5.20-12.el7_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:7.7::server"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 7.7 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:3.5.20-13.el7_7.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231030214932.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231030224841.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.1::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8010020231101141358.c27ad7f8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231101135052.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231101135052.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020231101135052.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231101101624.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231101101624.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020231101101624.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231031165747.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-5.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-6.el9_3.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.2-1.el9_0.3",
"versionType": "rpm"
}
]
}
],
"datePublic": "2023-10-19T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Critical"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T02:54:24.031Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:6266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"name": "RHSA-2023:6267",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6267"
},
{
"name": "RHSA-2023:6268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"name": "RHSA-2023:6748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"name": "RHSA-2023:6801",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6801"
},
{
"name": "RHSA-2023:6803",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6803"
},
{
"name": "RHSA-2023:6804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6804"
},
{
"name": "RHSA-2023:6805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6805"
},
{
"name": "RHSA-2023:6810",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6810"
},
{
"name": "RHSA-2023:6882",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6882"
},
{
"name": "RHSA-2023:6884",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6884"
},
{
"name": "RHSA-2023:7213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7213"
},
{
"name": "RHSA-2023:7576",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7576"
},
{
"name": "RHSA-2023:7578",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7578"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46847"
},
{
"name": "RHBZ#2245916",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245916"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Squid: denial of service in http digest authentication",
"x_redhatCweChain": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-46847",
"datePublished": "2023-11-03T07:58:05.641Z",
"dateReserved": "2023-10-27T08:36:38.158Z",
"dateUpdated": "2024-11-23T02:54:24.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15049
Vulnerability from cvelistv5
Published
2020-06-30 17:55
Modified
2024-08-04 13:08
Severity ?
EPSS score ?
Summary
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
},
{
"name": "FEDORA-2020-cbebc5617e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"name": "DSA-4732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
},
{
"name": "openSUSE-SU-2020:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "USN-4551-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T12:06:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
},
{
"name": "FEDORA-2020-cbebc5617e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"name": "DSA-4732",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
},
{
"name": "openSUSE-SU-2020:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "USN-4551-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch"
},
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
},
{
"name": "FEDORA-2020-cbebc5617e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"name": "DSA-4732",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4732"
},
{
"name": "openSUSE-SU-2020:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "USN-4551-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15049",
"datePublished": "2020-06-30T17:55:55",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:08:21.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-13345
Vulnerability from cvelistv5
Published
2019-07-05 15:45
Modified
2024-08-04 23:49
Severity ?
EPSS score ?
Summary
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/429"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4957"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1847-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html"
},
{
"name": "USN-4059-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"name": "USN-4059-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"name": "109095",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109095"
},
{
"name": "FEDORA-2019-c1e06901bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "openSUSE-SU-2019:1963",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:3476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3476"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/429"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4957"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1847-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html"
},
{
"name": "USN-4059-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"name": "USN-4059-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"name": "109095",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109095"
},
{
"name": "FEDORA-2019-c1e06901bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "openSUSE-SU-2019:1963",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:3476",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3476"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/429",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/429"
},
{
"name": "https://bugs.squid-cache.org/show_bug.cgi?id=4957",
"refsource": "MISC",
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4957"
},
{
"name": "[debian-lts-announce] 20190707 [SECURITY] [DLA 1847-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html"
},
{
"name": "USN-4059-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"name": "USN-4059-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"name": "109095",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109095"
},
{
"name": "FEDORA-2019-c1e06901bc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "openSUSE-SU-2019:1963",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html"
},
{
"name": "DSA-4507",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:3476",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3476"
},
{
"name": "openSUSE-SU-2019:2540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13345",
"datePublished": "2019-07-05T15:45:45",
"dateReserved": "2019-07-05T00:00:00",
"dateUpdated": "2024-08-04T23:49:24.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3072
Vulnerability from cvelistv5
Published
2010-09-20 20:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-14236",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html"
},
{
"name": "[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/05/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630444"
},
{
"name": "FEDORA-2010-14222",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html"
},
{
"name": "41298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41298"
},
{
"name": "ADV-2010-2433",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2433"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch"
},
{
"name": "41477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41477"
},
{
"name": "DSA-2111",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-2111"
},
{
"name": "42982",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42982"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch"
},
{
"name": "41534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41534"
},
{
"name": "SUSE-SR:2010:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/07/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-09-28T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2010-14236",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html"
},
{
"name": "[oss-security] 20100905 CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/05/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630444"
},
{
"name": "FEDORA-2010-14222",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html"
},
{
"name": "41298",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41298"
},
{
"name": "ADV-2010-2433",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2433"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch"
},
{
"name": "41477",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41477"
},
{
"name": "DSA-2111",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-2111"
},
{
"name": "42982",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42982"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch"
},
{
"name": "41534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41534"
},
{
"name": "SUSE-SR:2010:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"name": "[oss-security] 20100907 Re: CVE Request -- Squid -- Denial of service due internal error in string handling (SQUID-2010:3)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/07/7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-3072",
"datePublished": "2010-09-20T20:00:00",
"dateReserved": "2010-08-20T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12519
Vulnerability from cvelistv5
Published
2020-04-15 19:20
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/04/23/1 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202005-05 | vendor-advisory, x_refsource_GENTOO | |
| https://usn.ubuntu.com/4356-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:37.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it\u0027s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won\u0027t overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T11:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it\u0027s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won\u0027t overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt",
"refsource": "MISC",
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12519",
"datePublished": "2020-04-15T19:20:41",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:37.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12528
Vulnerability from cvelistv5
Published
2020-02-04 20:07
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
},
{
"name": "USN-4289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users\u0027 sessions or non-Squid processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
},
{
"name": "USN-4289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users\u0027 sessions or non-Squid processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
},
{
"name": "USN-4289-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12528",
"datePublished": "2020-02-04T20:07:15",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41611
Vulnerability from cvelistv5
Published
2021-10-18 08:56
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch | x_refsource_MISC | |
| https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/ | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2021/12/23/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r"
},
{
"name": "FEDORA-2021-15d2f70a07",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/"
},
{
"name": "[oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/23/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T21:06:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r"
},
{
"name": "FEDORA-2021-15d2f70a07",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/"
},
{
"name": "[oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/23/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch"
},
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r"
},
{
"name": "FEDORA-2021-15d2f70a07",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/"
},
{
"name": "[oss-security] 20211223 CVE-2021-44273: e2guardian did not validate TLS hostnames",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/23/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41611",
"datePublished": "2021-10-18T08:56:16",
"dateReserved": "2021-09-25T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2571
Vulnerability from cvelistv5
Published
2016-02-27 02:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "DSA-3522",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3522"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035101"
},
{
"name": "USN-2921-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2921-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "DSA-3522",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3522"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035101"
},
{
"name": "USN-2921-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2921-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3557-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "DSA-3522",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3522"
},
{
"name": "RHSA-2016:2600",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"name": "USN-2921-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2921-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2571",
"datePublished": "2016-02-27T02:00:00",
"dateReserved": "2016-02-26T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2572
Vulnerability from cvelistv5
Published
2016-02-27 02:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.squid-cache.org/Advisories/SQUID-2016_2.txt | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://rhn.redhat.com/errata/RHSA-2016-2600.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2016/02/26/2 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id/1035101 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.993Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2572",
"datePublished": "2016-02-27T02:00:00",
"dateReserved": "2016-02-26T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28116
Vulnerability from cvelistv5
Published
2021-03-09 21:44
Modified
2024-08-03 21:33
Severity ?
EPSS score ?
Summary
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/ | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-157/ | x_refsource_MISC | |
| https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/202105-14 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/ | vendor-advisory, x_refsource_FEDORA | |
| http://www.openwall.com/lists/oss-security/2021/10/04/1 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2022/dsa-5171 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-157/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82"
},
{
"name": "GLSA-202105-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[oss-security] 20211004 CVE-2021-28116 / ZDI-CAN-11610 / SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/04/1"
},
{
"name": "DSA-5171",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-28T10:06:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-157/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82"
},
{
"name": "GLSA-202105-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[oss-security] 20211004 CVE-2021-28116 / ZDI-CAN-11610 / SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/04/1"
},
{
"name": "DSA-5171",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:L/I:N/PR:N/S:U/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-157/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-157/"
},
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82"
},
{
"name": "GLSA-202105-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[oss-security] 20211004 CVE-2021-28116 / ZDI-CAN-11610 / SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/10/04/1"
},
{
"name": "DSA-5171",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28116",
"datePublished": "2021-03-09T21:44:58",
"dateReserved": "2021-03-09T00:00:00",
"dateUpdated": "2024-08-03T21:33:17.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2622
Vulnerability from cvelistv5
Published
2009-07-28 17:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1022607 | vdb-entry, x_refsource_SECTRACK | |
| http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/35812 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/2013 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/36007 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.squid-cache.org/Advisories/SQUID-2009_2.txt | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:161 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2009:178 | vendor-advisory, x_refsource_MANDRIVA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:59:56.150Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022607"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch"
},
{
"name": "35812",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35812"
},
{
"name": "ADV-2009-2013",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2013"
},
{
"name": "36007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36007"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"name": "MDVSA-2009:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"name": "MDVSA-2009:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-07T09:00:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "1022607",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022607"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch"
},
{
"name": "35812",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35812"
},
{
"name": "ADV-2009-2013",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2013"
},
{
"name": "36007",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36007"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"name": "MDVSA-2009:161",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"name": "MDVSA-2009:178",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-2622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022607",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022607"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch"
},
{
"name": "35812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35812"
},
{
"name": "ADV-2009-2013",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2013"
},
{
"name": "36007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36007"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"name": "MDVSA-2009:161",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"name": "MDVSA-2009:178",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2009-2622",
"datePublished": "2009-07-28T17:00:00",
"dateReserved": "2009-07-28T00:00:00",
"dateUpdated": "2024-08-07T05:59:56.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0308
Vulnerability from cvelistv5
Published
2010-02-03 18:00
Modified
2024-08-07 00:45
Severity ?
EPSS score ?
Summary
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:45:11.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38451"
},
{
"name": "38455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38455"
},
{
"name": "62044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62044"
},
{
"name": "37522",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch"
},
{
"name": "squid-dns-dos(56001)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56001"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_1.txt"
},
{
"name": "oval:org.mitre.oval:def:11270",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch"
},
{
"name": "1023520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023520"
},
{
"name": "ADV-2010-0260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "38451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38451"
},
{
"name": "38455",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38455"
},
{
"name": "62044",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62044"
},
{
"name": "37522",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch"
},
{
"name": "squid-dns-dos(56001)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56001"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_1.txt"
},
{
"name": "oval:org.mitre.oval:def:11270",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch"
},
{
"name": "1023520",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023520"
},
{
"name": "ADV-2010-0260",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0260"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0308",
"datePublished": "2010-02-03T18:00:00",
"dateReserved": "2010-01-12T00:00:00",
"dateUpdated": "2024-08-07T00:45:11.819Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-37894
Vulnerability from cvelistv5
Published
2024-06-25 19:39
Modified
2025-02-13 17:53
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: >= 3.0, <= 3.5.28 Version: >= 4.0, <= 4.16 Version: >= 5.0, <= 5.9 Version: >= 6.0, <= 6.9 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T14:07:04.077026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T14:07:11.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:57:39.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg"
},
{
"name": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240719-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0, \u003c= 3.5.28"
},
{
"status": "affected",
"version": "\u003e= 4.0, \u003c= 4.16"
},
{
"status": "affected",
"version": "\u003e= 5.0, \u003c= 5.9"
},
{
"status": "affected",
"version": "\u003e= 6.0, \u003c= 6.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:06:23.373Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg"
},
{
"name": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240719-0001/"
}
],
"source": {
"advisory": "GHSA-wgvf-q977-9xjg",
"discovery": "UNKNOWN"
},
"title": "Squid vulnerable to heap corruption in ESI assign"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37894",
"datePublished": "2024-06-25T19:39:02.376Z",
"dateReserved": "2024-06-10T19:54:41.361Z",
"dateUpdated": "2025-02-13T17:53:00.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-24606
Vulnerability from cvelistv5
Published
2020-08-24 17:06
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:08.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch"
},
{
"name": "DSA-4751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T08:06:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch"
},
{
"name": "DSA-4751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch"
},
{
"name": "DSA-4751",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210219-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210226-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210226-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24606",
"datePublished": "2020-08-24T17:06:24",
"dateReserved": "2020-08-24T00:00:00",
"dateUpdated": "2024-08-04T15:19:08.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7142
Vulnerability from cvelistv5
Published
2014-11-26 15:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Advisories/SQUID-2014_4.txt | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/60242 | third-party-advisory, x_refsource_SECUNIA | |
| https://bugzilla.novell.com/show_bug.cgi?id=891268 | x_refsource_CONFIRM | |
| http://seclists.org/oss-sec/2014/q3/613 | mailing-list, x_refsource_MLIST | |
| http://seclists.org/oss-sec/2014/q3/539 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/70022 | vdb-entry, x_refsource_BID | |
| http://ubuntu.com/usn/usn-2422-1 | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://seclists.org/oss-sec/2014/q3/626 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "60242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60242"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"name": "[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/613"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"name": "70022",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70022"
},
{
"name": "USN-2422-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "60242",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60242"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"name": "[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/613"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"name": "70022",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70022"
},
{
"name": "USN-2422-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/626"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "60242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60242"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=891268",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"name": "[oss-security] 20140916 Re: Re: CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/613"
},
{
"name": "[oss-security] 20140909 CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"name": "70022",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70022"
},
{
"name": "USN-2422-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20140922 Re: CVE-Request: squid pinger remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/626"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7142",
"datePublished": "2014-11-26T15:00:00",
"dateReserved": "2014-09-22T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12529
Vulnerability from cvelistv5
Published
2019-07-11 18:33
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch"
},
{
"name": "USN-4065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"name": "USN-4065-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn\u0027t greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch"
},
{
"name": "USN-4065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"name": "USN-4065-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn\u0027t greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"name": "https://github.com/squid-cache/squid/commits/v4",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch"
},
{
"name": "USN-4065-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"name": "USN-4065-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12529",
"datePublished": "2019-07-11T18:33:55",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-10003
Vulnerability from cvelistv5
Published
2017-01-27 17:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2016/12/18/1 | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1037512 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/94953 | vdb-entry, x_refsource_BID | |
| http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"name": "1037512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037512"
},
{
"name": "94953",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-27T16:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"name": "1037512",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037512"
},
{
"name": "94953",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20161217 Re: CVE Request - squid HTTP proxy multiple Information Disclosure issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"name": "1037512",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037512"
},
{
"name": "94953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94953"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10003",
"datePublished": "2017-01-27T17:00:00",
"dateReserved": "2016-12-17T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-3609
Vulnerability from cvelistv5
Published
2014-09-11 18:00
Modified
2024-08-06 10:50
Severity ?
EPSS score ?
Summary
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:17.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "61320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61320"
},
{
"name": "60179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60179"
},
{
"name": "SUSE-SU-2014:1140",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html"
},
{
"name": "USN-2327-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2327-1"
},
{
"name": "DSA-3139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3139"
},
{
"name": "openSUSE-SU-2014:1144",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html"
},
{
"name": "DSA-3014",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3014"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
},
{
"name": "RHSA-2014:1147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1147.html"
},
{
"name": "60334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60334"
},
{
"name": "69453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch"
},
{
"name": "61412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/61412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "61320",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61320"
},
{
"name": "60179",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60179"
},
{
"name": "SUSE-SU-2014:1140",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html"
},
{
"name": "USN-2327-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2327-1"
},
{
"name": "DSA-3139",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3139"
},
{
"name": "openSUSE-SU-2014:1144",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html"
},
{
"name": "DSA-3014",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3014"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
},
{
"name": "RHSA-2014:1147",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1147.html"
},
{
"name": "60334",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60334"
},
{
"name": "69453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch"
},
{
"name": "61412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/61412"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61320"
},
{
"name": "60179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60179"
},
{
"name": "SUSE-SU-2014:1140",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html"
},
{
"name": "USN-2327-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2327-1"
},
{
"name": "DSA-3139",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3139"
},
{
"name": "openSUSE-SU-2014:1144",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html"
},
{
"name": "DSA-3014",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-3014"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
},
{
"name": "RHSA-2014:1147",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1147.html"
},
{
"name": "60334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60334"
},
{
"name": "69453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69453"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch"
},
{
"name": "61412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/61412"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3609",
"datePublished": "2014-09-11T18:00:00",
"dateReserved": "2014-05-14T00:00:00",
"dateUpdated": "2024-08-06T10:50:17.607Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31806
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T04:06:21.884321",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31806",
"datePublished": "2021-05-27T00:00:00",
"dateReserved": "2021-04-26T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14058
Vulnerability from cvelistv5
Published
2020-06-30 18:30
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch | x_refsource_MISC | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch | x_refsource_MISC | |
| http://www.squid-cache.org/Advisories/SQUID-2020_6.txt | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20210312-0001/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:32:14.692Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt"
},
{
"name": "FEDORA-2020-cbebc5617e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T12:06:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt"
},
{
"name": "FEDORA-2020-cbebc5617e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-14058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt"
},
{
"name": "FEDORA-2020-cbebc5617e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210312-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-14058",
"datePublished": "2020-06-30T18:30:56",
"dateReserved": "2020-06-13T00:00:00",
"dateUpdated": "2024-08-04T12:32:14.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-46784
Vulnerability from cvelistv5
Published
2022-07-17 00:00
Modified
2024-08-04 05:17
Severity ?
EPSS score ?
Summary
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-46784"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221223-0007/"
},
{
"name": "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/1"
},
{
"name": "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/10"
},
{
"name": "[oss-security] 20231021 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/21/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-21T23:06:16.659186",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9"
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch"
},
{
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2021-46784"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221223-0007/"
},
{
"name": "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/1"
},
{
"name": "[oss-security] 20231013 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/10"
},
{
"name": "[oss-security] 20231021 Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/21/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-46784",
"datePublished": "2022-07-17T00:00:00",
"dateReserved": "2022-04-21T00:00:00",
"dateUpdated": "2024-08-04T05:17:42.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2390
Vulnerability from cvelistv5
Published
2016-04-19 21:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Advisories/SQUID-2016_1.txt | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id/1035045 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html | mailing-list, x_refsource_MLIST | |
| http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://bugs.squid-cache.org/show_bug.cgi?id=4437 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:49.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "1035045",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035045"
},
{
"name": "[squid-announce] 20160216 Squid 4.0.6 beta is available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html"
},
{
"name": "[squid-announce] 20160216 Squid 3.5.14 is available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "1035045",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035045"
},
{
"name": "[squid-announce] 20160216 Squid 4.0.6 beta is available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html"
},
{
"name": "[squid-announce] 20160216 Squid 3.5.14 is available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "1035045",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035045"
},
{
"name": "[squid-announce] 20160216 Squid 4.0.6 beta is available",
"refsource": "MLIST",
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html"
},
{
"name": "[squid-announce] 20160216 Squid 3.5.14 is available",
"refsource": "MLIST",
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=4437",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2390",
"datePublished": "2016-04-19T21:00:00",
"dateReserved": "2016-02-16T00:00:00",
"dateUpdated": "2024-08-05T23:24:49.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12527
Vulnerability from cvelistv5
Published
2019-07-11 18:10
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "109143",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/109143"
},
{
"name": "USN-4065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:2593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn\u0027t greater than the buffer, leading to a heap-based buffer overflow with user controlled data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T18:07:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "109143",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/109143"
},
{
"name": "USN-4065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:2593",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn\u0027t greater than the buffer, leading to a heap-based buffer overflow with user controlled data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"name": "https://github.com/squid-cache/squid/commits/v4",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "109143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/109143"
},
{
"name": "USN-4065-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "RHSA-2019:2593",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"name": "openSUSE-SU-2019:2540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12527",
"datePublished": "2019-07-11T18:10:16",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-15811
Vulnerability from cvelistv5
Published
2020-09-02 16:35
Modified
2024-08-04 13:30
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:30:22.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv"
},
{
"name": "DSA-4751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-26T08:06:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv"
},
{
"name": "DSA-4751",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-15811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv"
},
{
"name": "DSA-4751",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"name": "USN-4477-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"name": "FEDORA-2020-73af8655eb",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"name": "FEDORA-2020-63f3bd656e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"name": "openSUSE-SU-2020:1346",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"name": "openSUSE-SU-2020:1369",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"name": "FEDORA-2020-6c58bff862",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"name": "USN-4551-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"name": "[debian-lts-announce] 20201002 [SECURITY] [DLA 2394-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210219-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210226-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210226-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-15811",
"datePublished": "2020-09-02T16:35:04",
"dateReserved": "2020-07-17T00:00:00",
"dateUpdated": "2024-08-04T13:30:22.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-5400
Vulnerability from cvelistv5
Published
2015-09-28 20:00
Modified
2024-08-06 06:50
Severity ?
EPSS score ?
Summary
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:50:02.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20150706 Squid HTTP proxy CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/06/8"
},
{
"name": "1032873",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032873"
},
{
"name": "FEDORA-2016-7b40eb9e29",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/17/14"
},
{
"name": "[oss-security] 20150709 Re: Squid HTTP proxy CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/09/12"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch"
},
{
"name": "[oss-security] 20150710 Re: Squid HTTP proxy CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt"
},
{
"name": "DSA-3327",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3327"
},
{
"name": "75553",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75553"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-21T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20150706 Squid HTTP proxy CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/06/8"
},
{
"name": "1032873",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032873"
},
{
"name": "FEDORA-2016-7b40eb9e29",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/17/14"
},
{
"name": "[oss-security] 20150709 Re: Squid HTTP proxy CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/09/12"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch"
},
{
"name": "[oss-security] 20150710 Re: Squid HTTP proxy CVE request",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt"
},
{
"name": "DSA-3327",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3327"
},
{
"name": "75553",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75553"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150706 Squid HTTP proxy CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/06/8"
},
{
"name": "1032873",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032873"
},
{
"name": "FEDORA-2016-7b40eb9e29",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20150717 Re: Re: Squid HTTP proxy CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/17/14"
},
{
"name": "[oss-security] 20150709 Re: Squid HTTP proxy CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/09/12"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch"
},
{
"name": "[oss-security] 20150710 Re: Squid HTTP proxy CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/2"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt"
},
{
"name": "DSA-3327",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3327"
},
{
"name": "75553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75553"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-5400",
"datePublished": "2015-09-28T20:00:00",
"dateReserved": "2015-07-06T00:00:00",
"dateUpdated": "2024-08-06T06:50:02.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18679
Vulnerability from cvelistv5
Published
2019-11-26 16:14
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:02:39.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/491"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/491"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/491",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/491"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1156324",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156324"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"name": "USN-4213-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18679",
"datePublished": "2019-11-26T16:14:03",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-05T02:02:39.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3205
Vulnerability from cvelistv5
Published
2011-09-06 15:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:55.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2011:1293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1293.html"
},
{
"name": "46029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46029"
},
{
"name": "45906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45906"
},
{
"name": "FEDORA-2011-11854",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "SUSE-SU-2011:1019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
},
{
"name": "1025981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1025981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch"
},
{
"name": "45965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45965"
},
{
"name": "45805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45805"
},
{
"name": "DSA-2304",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2304"
},
{
"name": "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/08/30/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt"
},
{
"name": "openSUSE-SU-2011:1018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
},
{
"name": "[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/08/29/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
},
{
"name": "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/08/30/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "49356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49356"
},
{
"name": "74847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/74847"
},
{
"name": "45920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45920"
},
{
"name": "MDVSA-2011:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2011:1293",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1293.html"
},
{
"name": "46029",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46029"
},
{
"name": "45906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45906"
},
{
"name": "FEDORA-2011-11854",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "SUSE-SU-2011:1019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
},
{
"name": "1025981",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1025981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch"
},
{
"name": "45965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45965"
},
{
"name": "45805",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45805"
},
{
"name": "DSA-2304",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2304"
},
{
"name": "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/08/30/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt"
},
{
"name": "openSUSE-SU-2011:1018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
},
{
"name": "[oss-security] 20110829 CVE-request(?): squid: buffer overflow in Gopher reply parser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/08/29/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
},
{
"name": "[oss-security] 20110830 Re: CVE-request(?): squid: buffer overflow in Gopher reply parser",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/08/30/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "49356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49356"
},
{
"name": "74847",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/74847"
},
{
"name": "45920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45920"
},
{
"name": "MDVSA-2011:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3205",
"datePublished": "2011-09-06T15:00:00",
"dateReserved": "2011-08-19T00:00:00",
"dateUpdated": "2024-08-06T23:29:55.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1000027
Vulnerability from cvelistv5
Published
2018-02-09 23:00
Modified
2024-08-05 12:33
Severity ?
EPSS score ?
Summary
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch | x_refsource_CONFIRM | |
| https://www.debian.org/security/2018/dsa-4122 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.squid-cache.org/Advisories/SQUID-2018_2.txt | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html | mailing-list, x_refsource_MLIST | |
| https://github.com/squid-cache/squid/pull/129/files | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch | x_refsource_CONFIRM | |
| https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4059-2/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch"
},
{
"name": "DSA-4122",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4122"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/129/files"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
},
{
"name": "USN-4059-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4059-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-01-18T00:00:00",
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T15:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch"
},
{
"name": "DSA-4122",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4122"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/pull/129/files"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
},
{
"name": "USN-4059-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4059-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "1/18/2018 15:05:14",
"ID": "CVE-2018-1000027",
"REQUESTER": "squid3@treenet.co.nz",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3557-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch"
},
{
"name": "DSA-4122",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4122"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"name": "https://github.com/squid-cache/squid/pull/129/files",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/pull/129/files"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1267-1] squid security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
},
{
"name": "USN-4059-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4059-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000027",
"datePublished": "2018-02-09T23:00:00",
"dateReserved": "2018-01-29T00:00:00",
"dateUpdated": "2024-08-05T12:33:49.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4123
Vulnerability from cvelistv5
Published
2013-09-16 19:00
Modified
2024-09-17 03:48
Severity ?
EPSS score ?
Summary
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/54142 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch | x_refsource_CONFIRM | |
| http://secunia.com/advisories/54834 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.squid-cache.org/Advisories/SQUID-2013_3.txt | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html | vendor-advisory, x_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:30:50.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54142"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch"
},
{
"name": "54834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54834"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt"
},
{
"name": "openSUSE-SU-2013:1435",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-16T19:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "54142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54142"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch"
},
{
"name": "54834",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54834"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt"
},
{
"name": "openSUSE-SU-2013:1435",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54142"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch"
},
{
"name": "54834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54834"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt"
},
{
"name": "openSUSE-SU-2013:1435",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4123",
"datePublished": "2013-09-16T19:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-09-17T03:48:39.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-31808
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 23:10
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:10:30.120Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T04:06:16.573947",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31808",
"datePublished": "2021-05-27T00:00:00",
"dateReserved": "2021-04-26T00:00:00",
"dateUpdated": "2024-08-03T23:10:30.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4556
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "1035770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035770"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "1035770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035770"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "1035770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035770"
},
{
"name": "RHSA-2016:1138",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4556",
"datePublished": "2016-05-10T19:00:00",
"dateReserved": "2016-05-06T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12523
Vulnerability from cvelistv5
Published
2019-11-26 16:39
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Advisories/SQUID-2019_8.txt | x_refsource_CONFIRM | |
| https://bugzilla.suse.com/show_bug.cgi?id=1156329 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4213-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/ | vendor-advisory, x_refsource_FEDORA | |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4446-1/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.198Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4446-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn\u0027t go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-05T19:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4446-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn\u0027t go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html",
"refsource": "CONFIRM",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1156329",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"name": "USN-4213-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4446-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12523",
"datePublished": "2019-11-26T16:39:59",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:39.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0211
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1013045",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013045"
},
{
"name": "13319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/13319"
},
{
"name": "VU#886006",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/886006"
},
{
"name": "14076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14076"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12432",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12432"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "oval:org.mitre.oval:def:9573",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1013045",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013045"
},
{
"name": "13319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/13319"
},
{
"name": "VU#886006",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/886006"
},
{
"name": "14076",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14076"
},
{
"name": "FLSA-2006:152809",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12432",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12432"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch"
},
{
"name": "RHSA-2005:061",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "oval:org.mitre.oval:def:9573",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573"
},
{
"name": "MDKSA-2005:034",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013045",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013045"
},
{
"name": "13319",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/13319"
},
{
"name": "VU#886006",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/886006"
},
{
"name": "14076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14076"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "12432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12432"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "oval:org.mitre.oval:def:9573",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573"
},
{
"name": "MDKSA-2005:034",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"name": "DSA-667",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"name": "20050207 [USN-77-1] Squid vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0211",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-02-01T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0881
Vulnerability from cvelistv5
Published
2015-02-20 11:00
Modified
2024-08-06 04:26
Severity ?
EPSS score ?
Summary
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019 | third-party-advisory, x_refsource_JVNDB | |
| http://jvn.jp/en/jp/JVN64455813/index.html | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:26:11.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2015-000019",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019"
},
{
"name": "JVN#64455813",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN64455813/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-03-02T09:57:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2015-000019",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019"
},
{
"name": "JVN#64455813",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN64455813/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-0881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000019",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019"
},
{
"name": "JVN#64455813",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN64455813/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-0881",
"datePublished": "2015-02-20T11:00:00",
"dateReserved": "2015-01-08T00:00:00",
"dateUpdated": "2024-08-06T04:26:11.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-18677
Vulnerability from cvelistv5
Published
2019-11-26 16:21
Modified
2024-08-05 01:54
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/427"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156328"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/427"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156328"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/pull/427",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/427"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1156328",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156328"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch"
},
{
"name": "USN-4213-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18677",
"datePublished": "2019-11-26T16:21:59",
"dateReserved": "2019-11-04T00:00:00",
"dateUpdated": "2024-08-05T01:54:14.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-49286
Vulnerability from cvelistv5
Published
2023-12-04 22:53
Modified
2025-02-13 17:18
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: < 6.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27"
},
{
"name": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003c 6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "CWE-253: Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T16:06:22.401Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27"
},
{
"name": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0004/"
}
],
"source": {
"advisory": "GHSA-xggx-9329-3c27",
"discovery": "UNKNOWN"
},
"title": "Denial of Service in Helper Process management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49286",
"datePublished": "2023-12-04T22:53:44.827Z",
"dateReserved": "2023-11-24T16:45:24.312Z",
"dateUpdated": "2025-02-13T17:18:38.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4051
Vulnerability from cvelistv5
Published
2016-04-25 14:00
Modified
2024-08-06 00:17
Severity ?
EPSS score ?
Summary
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:17:30.083Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "1035646",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035646"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/86788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "1035646",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035646"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/86788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "1035646",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035646"
},
{
"name": "[oss-security] 20160421 CVE Request: Squid HTTP Caching Proxy multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1138",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160420 Re: CVE Request: Squid HTTP Caching Proxy multiple issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"name": "86788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/86788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4051",
"datePublished": "2016-04-25T14:00:00",
"dateReserved": "2016-04-20T00:00:00",
"dateUpdated": "2024-08-06T00:17:30.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0639
Vulnerability from cvelistv5
Published
2010-02-15 18:00
Modified
2024-08-07 00:52
Severity ?
EPSS score ?
Summary
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html | vendor-advisory, x_refsource_FEDORA | |
| http://osvdb.org/62297 | vdb-entry, x_refsource_OSVDB | |
| http://www.squid-cache.org/Advisories/SQUID-2010_2.txt | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/0371 | vdb-entry, x_refsource_VUPEN | |
| http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html | vendor-advisory, x_refsource_FEDORA | |
| http://www.vupen.com/english/advisories/2010/0603 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/38812 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch | x_refsource_MISC | |
| http://bugs.squid-cache.org/show_bug.cgi?id=2858 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/38212 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1023587 | vdb-entry, x_refsource_SECTRACK | |
| http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:20.117Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-2434",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html"
},
{
"name": "62297",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62297"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt"
},
{
"name": "ADV-2010-0371",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0371"
},
{
"name": "FEDORA-2010-3064",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html"
},
{
"name": "ADV-2010-0603",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0603"
},
{
"name": "38812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38812"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=2858"
},
{
"name": "38212",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38212"
},
{
"name": "1023587",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023587"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-26T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2010-2434",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html"
},
{
"name": "62297",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62297"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt"
},
{
"name": "ADV-2010-0371",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0371"
},
{
"name": "FEDORA-2010-3064",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html"
},
{
"name": "ADV-2010-0603",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0603"
},
{
"name": "38812",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38812"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=2858"
},
{
"name": "38212",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38212"
},
{
"name": "1023587",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023587"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-2434",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html"
},
{
"name": "62297",
"refsource": "OSVDB",
"url": "http://osvdb.org/62297"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt"
},
{
"name": "ADV-2010-0371",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0371"
},
{
"name": "FEDORA-2010-3064",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html"
},
{
"name": "ADV-2010-0603",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0603"
},
{
"name": "38812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38812"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch"
},
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=2858",
"refsource": "MISC",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=2858"
},
{
"name": "38212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38212"
},
{
"name": "1023587",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023587"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0639",
"datePublished": "2010-02-15T18:00:00",
"dateReserved": "2010-02-15T00:00:00",
"dateUpdated": "2024-08-07T00:52:20.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12525
Vulnerability from cvelistv5
Published
2019-07-11 18:17
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "USN-4065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"name": "USN-4065-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token\u0027s value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "USN-4065-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"name": "USN-4065-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token\u0027s value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"name": "https://github.com/squid-cache/squid/commits/v4",
"refsource": "CONFIRM",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"name": "USN-4065-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"name": "[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"name": "USN-4065-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"name": "FEDORA-2019-cb50bcc189",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"name": "DSA-4507",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"name": "20190825 [SECURITY] [DSA 4507-1] squid security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"name": "openSUSE-SU-2019:2540",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"name": "openSUSE-SU-2019:2541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12525",
"datePublished": "2019-07-11T18:17:49",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2213
Vulnerability from cvelistv5
Published
2012-04-28 10:00
Modified
2024-09-16 22:19
Severity ?
EPSS score ?
Summary
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:26:08.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120419 RE: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html"
},
{
"name": "20120420 Re: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html"
},
{
"name": "20120418 Re: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html"
},
{
"name": "20120421 Re: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html"
},
{
"name": "20120416 Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html"
},
{
"name": "20120419 Re: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-04-28T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120419 RE: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html"
},
{
"name": "20120420 Re: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html"
},
{
"name": "20120418 Re: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html"
},
{
"name": "20120421 Re: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html"
},
{
"name": "20120416 Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html"
},
{
"name": "20120419 Re: Squid URL Filtering Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120419 RE: Squid URL Filtering Bypass",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html"
},
{
"name": "20120420 Re: Squid URL Filtering Bypass",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html"
},
{
"name": "20120418 Re: Squid URL Filtering Bypass",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html"
},
{
"name": "20120421 Re: Squid URL Filtering Bypass",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html"
},
{
"name": "20120416 Squid URL Filtering Bypass",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html"
},
{
"name": "20120419 Re: Squid URL Filtering Bypass",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-2213",
"datePublished": "2012-04-28T10:00:00Z",
"dateReserved": "2012-04-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:19:37.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33620
Vulnerability from cvelistv5
Published
2021-05-28 00:00
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:21.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:L/S:U/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T04:06:14.805254",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f"
},
{
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch"
},
{
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[debian-lts-announce] 20210614 [SECURITY] [DLA 2685-1] squid3 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33620",
"datePublished": "2021-05-28T00:00:00",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:21.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8449
Vulnerability from cvelistv5
Published
2020-02-04 19:50
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"name": "USN-4289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T12:06:27",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"name": "USN-4289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"name": "USN-4289-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210304-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8449",
"datePublished": "2020-02-04T19:50:21",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4555
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4455"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "1035770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035770"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4455"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "1035770",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035770"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=4455",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4455"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "[oss-security] 20160506 Re: CVE Request: Squid HTTP caching proxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "1035770",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035770"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "[oss-security] 20160506 CVE Request: Squid HTTP caching proxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4555",
"datePublished": "2016-05-10T19:00:00",
"dateReserved": "2016-05-06T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.838Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45802
Vulnerability from cvelistv5
Published
2024-10-28 14:36
Modified
2025-01-03 12:04
Severity ?
EPSS score ?
Summary
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: >= 3.0, < 6.10 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"lessThan": "6.10",
"status": "affected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45802",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T14:47:34.303324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T14:48:42.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-03T12:04:26.853Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250103-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0, \u003c 6.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T14:36:13.297Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj"
}
],
"source": {
"advisory": "GHSA-f975-v7qw-q7hj",
"discovery": "UNKNOWN"
},
"title": "Squid Denial of Service"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45802",
"datePublished": "2024-10-28T14:36:13.297Z",
"dateReserved": "2024-09-09T14:23:07.504Z",
"dateUpdated": "2025-01-03T12:04:26.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46728
Vulnerability from cvelistv5
Published
2023-11-06 17:13
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: < 6.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f"
},
{
"name": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231214-0006/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T16:14:28.614073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T16:14:38.802Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003c 6.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid\u0027s Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T03:06:28.348Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f"
},
{
"name": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231214-0006/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
}
],
"source": {
"advisory": "GHSA-cg5h-v6vc-w33f",
"discovery": "UNKNOWN"
},
"title": "SQUID-2021:8 Denial of Service in Gopher gateway"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46728",
"datePublished": "2023-11-06T17:13:45.821Z",
"dateReserved": "2023-10-25T14:30:33.751Z",
"dateUpdated": "2025-02-13T17:14:33.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4553
Vulnerability from cvelistv5
Published
2016-05-10 19:00
Modified
2024-08-06 00:32
Severity ?
EPSS score ?
Summary
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.689Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4501"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035768",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035768"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-28T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4501"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch"
},
{
"name": "RHSA-2016:1140",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1139",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035768",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035768"
},
{
"name": "DSA-3625",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"name": "http://bugs.squid-cache.org/show_bug.cgi?id=4501",
"refsource": "CONFIRM",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4501"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch"
},
{
"name": "RHSA-2016:1140",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "RHSA-2016:1139",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035768",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035768"
},
{
"name": "DSA-3625",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4553",
"datePublished": "2016-05-10T19:00:00",
"dateReserved": "2016-05-06T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3947
Vulnerability from cvelistv5
Published
2016-04-07 18:00
Modified
2024-08-06 00:10
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:10:31.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch"
},
{
"name": "1035457",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035457"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt"
},
{
"name": "USN-2995-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch"
},
{
"name": "1035457",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035457"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt"
},
{
"name": "USN-2995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch"
},
{
"name": "1035457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035457"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3947",
"datePublished": "2016-04-07T18:00:00",
"dateReserved": "2016-04-01T00:00:00",
"dateUpdated": "2024-08-06T00:10:31.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-49288
Vulnerability from cvelistv5
Published
2023-12-04 22:49
Modified
2025-02-13 17:18
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: >= 3.5, < 6.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:28:35.294191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:38:43.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.5, \u003c 6.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with \"collapsed_forwarding on\" are vulnerable. Configurations with \"collapsed_forwarding off\" or without a \"collapsed_forwarding\" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416: Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T16:06:26.067Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0006/"
}
],
"source": {
"advisory": "GHSA-rj5h-46j6-q2g5",
"discovery": "UNKNOWN"
},
"title": "Denial of Service in HTTP Collapsed Forwarding in Squid"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49288",
"datePublished": "2023-12-04T22:49:31.317Z",
"dateReserved": "2023-11-24T16:45:24.312Z",
"dateUpdated": "2025-02-13T17:18:39.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-25111
Vulnerability from cvelistv5
Published
2024-03-06 18:14
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: >= 3.5.27, < 6.8 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bluexp",
"vendor": "netapp",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:squid-cache:squid:3.5.27:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"lessThan": "6.8",
"status": "affected",
"version": "3.5.27",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "38"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "39"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25111",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-25T16:32:12.720279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-25T16:34:20.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240605-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.5.27, \u003c 6.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. There is no workaround for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674: Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T17:12:09.106Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240605-0001/"
}
],
"source": {
"advisory": "GHSA-72c2-c3wm-8qxc",
"discovery": "UNKNOWN"
},
"title": "SQUID-2024:1 Denial of Service in HTTP Chunked Decoding"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25111",
"datePublished": "2024-03-06T18:14:28.889Z",
"dateReserved": "2024-02-05T14:14:46.378Z",
"dateUpdated": "2025-02-13T17:40:47.040Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46724
Vulnerability from cvelistv5
Published
2023-11-01 19:09
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: >= 3.3.0.1, < 6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"name": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:13:11.511935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:13:29.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0.1, \u003c 6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129: Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-786",
"description": "CWE-786: Access of Memory Location Before Start of Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823: Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T03:06:29.936Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"name": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
}
],
"source": {
"advisory": "GHSA-73m6-jm96-c6r3",
"discovery": "UNKNOWN"
},
"title": "SQUID-2023:4 Denial of Service in SSL Certificate validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46724",
"datePublished": "2023-11-01T19:09:34.513Z",
"dateReserved": "2023-10-25T14:30:33.751Z",
"dateUpdated": "2025-02-13T17:14:32.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-49285
Vulnerability from cvelistv5
Published
2023-12-04 22:56
Modified
2025-02-13 17:18
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: >= 2.2, < 6.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9"
},
{
"name": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b"
},
{
"name": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2, \u003c 6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126: Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-19T16:06:24.188Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9"
},
{
"name": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b"
},
{
"name": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240119-0004/"
}
],
"source": {
"advisory": "GHSA-8w9r-p88v-mmx9",
"discovery": "UNKNOWN"
},
"title": "Denial of Service in HTTP Message Processing in Squid"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-49285",
"datePublished": "2023-12-04T22:56:55.105Z",
"dateReserved": "2023-11-24T16:45:24.312Z",
"dateUpdated": "2025-02-13T17:18:37.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12521
Vulnerability from cvelistv5
Published
2020-04-15 18:47
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/04/23/1 | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202005-05 | vendor-advisory, x_refsource_GENTOO | |
| https://usn.ubuntu.com/4356-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T11:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt",
"refsource": "MISC",
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12521",
"datePublished": "2020-04-15T18:47:43",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4096
Vulnerability from cvelistv5
Published
2011-11-17 19:00
Modified
2024-08-06 23:53
Severity ?
EPSS score ?
Summary
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
References
| ▼ | URL | Tags |
|---|---|---|
| http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12 | x_refsource_MISC | |
| http://www.redhat.com/support/errata/RHSA-2011-1791.html | vendor-advisory, x_refsource_REDHAT | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://www.openwall.com/lists/oss-security/2011/10/31/5 | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id?1026265 | vdb-entry, x_refsource_SECTRACK | |
| http://www.openwall.com/lists/oss-security/2011/11/01/3 | mailing-list, x_refsource_MLIST | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:193 | vendor-advisory, x_refsource_MANDRIVA | |
| http://secunia.com/advisories/46609 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/47459 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:53:32.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12"
},
{
"name": "RHSA-2011:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1791.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/31/5"
},
{
"name": "1026265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1026265"
},
{
"name": "[oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/01/3"
},
{
"name": "MDVSA-2011:193",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193"
},
{
"name": "46609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "47459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12"
},
{
"name": "RHSA-2011:1791",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-1791.html"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "[oss-security] 20111031 CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/31/5"
},
{
"name": "1026265",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1026265"
},
{
"name": "[oss-security] 20111031 Re: CVE Request -- Squid v3.1.16 -- Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/11/01/3"
},
{
"name": "MDVSA-2011:193",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193"
},
{
"name": "46609",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "47459",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47459"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4096",
"datePublished": "2011-11-17T19:00:00",
"dateReserved": "2011-10-18T00:00:00",
"dateUpdated": "2024-08-06T23:53:32.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23638
Vulnerability from cvelistv5
Published
2024-01-23 23:23
Modified
2025-02-13 17:39
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| squid-cache | squid |
Version: < 6.6 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:06:25.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx"
},
{
"name": "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b"
},
{
"name": "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8"
},
{
"name": "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0010/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003c 6.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. As a workaround, prevent access to Cache Manager using Squid\u0027s main access control: `http_access deny manager`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-825",
"description": "CWE-825: Expired Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-25T02:06:01.902Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx"
},
{
"name": "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b"
},
{
"name": "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8"
},
{
"name": "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0010/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/"
}
],
"source": {
"advisory": "GHSA-j49p-553x-48rx",
"discovery": "UNKNOWN"
},
"title": "SQUID-2023:11 Denial of Service in Cache Manager"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-23638",
"datePublished": "2024-01-23T23:23:19.070Z",
"dateReserved": "2024-01-19T00:18:53.232Z",
"dateUpdated": "2025-02-13T17:39:49.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-0189
Vulnerability from cvelistv5
Published
2013-02-08 20:00
Modified
2024-08-06 14:18
Severity ?
EPSS score ?
Summary
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:18:09.426Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch"
},
{
"name": "DSA-2631",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2631"
},
{
"name": "MDVSA-2013:129",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129"
},
{
"name": "USN-1713-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1713-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9"
},
{
"name": "openSUSE-SU-2013:1443",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch"
},
{
"name": "[scm-commits] 20130125 [squid/f17] CVE-2013-0189: Incomplete fix for the CVE-2012-5643",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html"
},
{
"name": "52024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/52024"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743"
},
{
"name": "54839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54839"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "57646",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57646"
},
{
"name": "openSUSE-SU-2013:1436",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch"
},
{
"name": "DSA-2631",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2631"
},
{
"name": "MDVSA-2013:129",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129"
},
{
"name": "USN-1713-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1713-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9"
},
{
"name": "openSUSE-SU-2013:1443",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch"
},
{
"name": "[scm-commits] 20130125 [squid/f17] CVE-2013-0189: Incomplete fix for the CVE-2012-5643",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html"
},
{
"name": "52024",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/52024"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743"
},
{
"name": "54839",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54839"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "57646",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57646"
},
{
"name": "openSUSE-SU-2013:1436",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895972"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-0189",
"datePublished": "2013-02-08T20:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T14:18:09.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5824
Vulnerability from cvelistv5
Published
2023-11-03 07:56
Modified
2024-11-23 03:19
Severity ?
EPSS score ?
Summary
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:7465 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:7668 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0072 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0397 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0771 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0772 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:0773 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1153 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-5824 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2245914 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255 |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 8 |
Unaffected: 8090020231130092412.a75119d5 < * cpe:/a:redhat:enterprise_linux:8::appstream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:14:24.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"name": "RHSA-2023:7668",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"name": "RHSA-2024:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"name": "RHSA-2024:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"name": "RHSA-2024:0771",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"name": "RHSA-2024:0772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"name": "RHSA-2024:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"name": "RHSA-2024:1153",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"name": "RHBZ#2245914",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231130092412.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_tus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_aus:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_e4s:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231222131040.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231222130009.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-6.el9_3.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.2-1.el9_0.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-5.el9_2.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2023-10-19T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T03:19:19.791Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"name": "RHSA-2023:7668",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"name": "RHSA-2024:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"name": "RHSA-2024:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"name": "RHSA-2024:0771",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"name": "RHSA-2024:0772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"name": "RHSA-2024:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"name": "RHSA-2024:1153",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"name": "RHBZ#2245914",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Squid: dos against http and https",
"workarounds": [
{
"lang": "en",
"value": "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the \u0027cache_dir\u0027 directives from the Squid configuration, typically in the /etc/squid/squid.conf file."
}
],
"x_redhatCweChain": "CWE-755: Improper Handling of Exceptional Conditions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5824",
"datePublished": "2023-11-03T07:56:36.369Z",
"dateReserved": "2023-10-27T09:37:47.593Z",
"dateUpdated": "2024-11-23T03:19:19.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8517
Vulnerability from cvelistv5
Published
2020-02-04 19:54
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Advisories/SQUID-2020_3.txt | x_refsource_MISC | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch | x_refsource_MISC | |
| https://usn.ubuntu.com/4289-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html | vendor-advisory, x_refsource_SUSE | |
| https://security.gentoo.org/glsa/202003-34 | vendor-advisory, x_refsource_GENTOO | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | vendor-advisory, x_refsource_SUSE | |
| https://security.netapp.com/advisory/ntap-20210304-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch"
},
{
"name": "USN-4289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "openSUSE-SU-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T12:06:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch"
},
{
"name": "USN-4289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "openSUSE-SU-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch"
},
{
"name": "USN-4289-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "openSUSE-SU-2020:0606",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210304-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8517",
"datePublished": "2020-02-04T19:54:31",
"dateReserved": "2020-02-02T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12520
Vulnerability from cvelistv5
Published
2020-04-15 19:14
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.squid-cache.org/Versions/v4/ | x_refsource_MISC | |
| http://www.squid-cache.org/Versions/v4/changesets/ | x_refsource_MISC | |
| https://github.com/squid-cache/squid/commits/v4 | x_refsource_MISC | |
| https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt | x_refsource_MISC | |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4446-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker\u0027s HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T11:06:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker\u0027s HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v4/",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"name": "https://github.com/squid-cache/squid/commits/v4",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt",
"refsource": "MISC",
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12520",
"datePublished": "2020-04-15T19:14:25",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3948
Vulnerability from cvelistv5
Published
2016-04-07 18:00
Modified
2024-08-06 00:10
Severity ?
EPSS score ?
Summary
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://rhn.redhat.com/errata/RHSA-2016-2600.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1035458 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://www.squid-cache.org/Advisories/SQUID-2016_4.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:10:31.913Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "1035458",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035458"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "1035458",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035458"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3557-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "1035458",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035458"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-3948",
"datePublished": "2016-04-07T18:00:00",
"dateReserved": "2016-04-01T00:00:00",
"dateUpdated": "2024-08-06T00:10:31.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12522
Vulnerability from cvelistv5
Published
2020-04-15 19:00
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T11:06:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt",
"refsource": "MISC",
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12522",
"datePublished": "2020-04-15T19:00:01",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12524
Vulnerability from cvelistv5
Published
2020-04-15 18:35
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.
References
| ▼ | URL | Tags |
|---|---|---|
| https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt | x_refsource_MISC | |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST | |
| https://usn.ubuntu.com/4446-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.netapp.com/advisory/ntap-20210205-0006/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T11:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt",
"refsource": "MISC",
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "USN-4446-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12524",
"datePublished": "2020-04-15T18:35:11",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2569
Vulnerability from cvelistv5
Published
2016-02-27 02:00
Modified
2024-08-05 23:32
Severity ?
EPSS score ?
Summary
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201607-01 | vendor-advisory, x_refsource_GENTOO | |
| http://www.squid-cache.org/Advisories/SQUID-2016_2.txt | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html | vendor-advisory, x_refsource_SUSE | |
| http://rhn.redhat.com/errata/RHSA-2016-2600.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
| http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2016/02/26/2 | mailing-list, x_refsource_MLIST | |
| http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id/1035101 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:32:20.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-15T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-2569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3557-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "GLSA-201607-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"name": "SUSE-SU-2016:1996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"name": "RHSA-2016:2600",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch"
},
{
"name": "[oss-security] 20160226 Re: CVE request: Squid HTTP Caching Proxy multiple denial of service issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"name": "SUSE-SU-2016:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"name": "1035101",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-2569",
"datePublished": "2016-02-27T02:00:00",
"dateReserved": "2016-02-26T00:00:00",
"dateUpdated": "2024-08-05T23:32:20.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-28662
Vulnerability from cvelistv5
Published
2021-05-27 00:00
Modified
2024-08-03 21:47
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:47:33.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-17T04:06:18.298369",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h"
},
{
"url": "https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e"
},
{
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch"
},
{
"name": "DSA-4924",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"name": "FEDORA-2021-c0bec55ec7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"name": "FEDORA-2021-24af72ff2c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"name": "[oss-security] 20231011 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"name": "20231016 Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28662",
"datePublished": "2021-05-27T00:00:00",
"dateReserved": "2021-03-18T00:00:00",
"dateUpdated": "2024-08-03T21:47:33.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1000024
Vulnerability from cvelistv5
Published
2018-02-09 23:00
Modified
2024-08-05 12:33
Severity ?
EPSS score ?
Summary
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3557-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://www.debian.org/security/2018/dsa-4122 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.squid-cache.org/Versions/ | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html | mailing-list, x_refsource_MLIST | |
| http://www.squid-cache.org/Advisories/SQUID-2018_1.txt | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4059-2/ | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:48.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "DSA-4122",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
},
{
"name": "USN-4059-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4059-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-01-15T00:00:00",
"datePublic": "2018-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T15:06:10",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3557-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "DSA-4122",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
},
{
"name": "USN-4059-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4059-2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "1/15/2018 4:39:34",
"ID": "CVE-2018-1000024",
"REQUESTER": "squid3@treenet.co.nz",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3557-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"name": "DSA-4122",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4122"
},
{
"name": "http://www.squid-cache.org/Versions/",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/"
},
{
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1266-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
},
{
"name": "USN-4059-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4059-2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000024",
"datePublished": "2018-02-09T23:00:00",
"dateReserved": "2018-01-29T00:00:00",
"dateUpdated": "2024-08-05T12:33:48.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46848
Vulnerability from cvelistv5
Published
2023-11-03 07:58
Modified
2024-11-23 02:54
Severity ?
EPSS score ?
Summary
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:6266 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6268 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2023:6748 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-46848 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2245919 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ |
Version: 5.0.3 ≤ |
|||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:21.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:6266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"name": "RHSA-2023:6268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"name": "RHSA-2023:6748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46848"
},
{
"name": "RHBZ#2245919",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245919"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231214-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/squid-cache/squid",
"defaultStatus": "unaffected",
"packageName": "squid",
"versions": [
{
"lessThan": "6.4",
"status": "affected",
"version": "5.0.3",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-5.el9_2.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-6.el9_3.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.2-1.el9_0.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "squid:4/squid",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2023-10-19T00:00:00+00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-681",
"description": "Incorrect Conversion between Numeric Types",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T02:54:46.453Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:6266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"name": "RHSA-2023:6268",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"name": "RHSA-2023:6748",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46848"
},
{
"name": "RHBZ#2245919",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245919"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-24T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-19T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Squid: denial of service in ftp",
"x_redhatCweChain": "CWE-400-\u003eCWE-681: Uncontrolled Resource Consumption leads to Incorrect Conversion between Numeric Types"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-46848",
"datePublished": "2023-11-03T07:58:05.613Z",
"dateReserved": "2023-10-27T08:36:38.158Z",
"dateUpdated": "2024-11-23T02:54:46.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3455
Vulnerability from cvelistv5
Published
2015-05-18 15:00
Modified
2024-08-06 05:47
Severity ?
EPSS score ?
Summary
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html | vendor-advisory, x_refsource_FEDORA | |
| http://rhn.redhat.com/errata/RHSA-2015-2378.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/74438 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1032221 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html | vendor-advisory, x_refsource_SUSE | |
| http://advisories.mageia.org/MGASA-2015-0191.html | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:230 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.squid-cache.org/Advisories/SQUID-2015_1.txt | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2016-7b40eb9e29",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"name": "RHSA-2015:2378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2378.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "openSUSE-SU-2015:1546",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html"
},
{
"name": "74438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74438"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "1032221",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032221"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0191.html"
},
{
"name": "MDVSA-2015:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-20T16:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2016-7b40eb9e29",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"name": "RHSA-2015:2378",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2378.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "openSUSE-SU-2015:1546",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html"
},
{
"name": "74438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74438"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "1032221",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032221"
},
{
"name": "openSUSE-SU-2016:2081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0191.html"
},
{
"name": "MDVSA-2015:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-7b40eb9e29",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"name": "RHSA-2015:2378",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2378.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "openSUSE-SU-2015:1546",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html"
},
{
"name": "74438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74438"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "1032221",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032221"
},
{
"name": "openSUSE-SU-2016:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0191.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0191.html"
},
{
"name": "MDVSA-2015:230",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3455",
"datePublished": "2015-05-18T15:00:00",
"dateReserved": "2015-04-29T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-12526
Vulnerability from cvelistv5
Published
2019-11-26 16:41
Modified
2024-08-04 23:24
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1156326 | x_refsource_CONFIRM | |
| http://www.squid-cache.org/Advisories/SQUID-2019_7.txt | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4213-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html | mailing-list, x_refsource_MLIST | |
| https://security.gentoo.org/glsa/202003-34 | vendor-advisory, x_refsource_GENTOO | |
| https://www.debian.org/security/2020/dsa-4682 | vendor-advisory, x_refsource_DEBIAN | |
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156326"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-10T23:06:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156326"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt"
},
{
"name": "USN-4213-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1156326",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156326"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt"
},
{
"name": "USN-4213-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"name": "FEDORA-2019-0b16cbdd0e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"name": "FEDORA-2019-9538783033",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2028-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"name": "GLSA-202003-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12526",
"datePublished": "2019-11-26T16:41:57",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8450
Vulnerability from cvelistv5
Published
2020-02-04 19:51
Modified
2024-08-04 09:56
Severity ?
EPSS score ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:28.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"name": "USN-4289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T12:06:29",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"name": "USN-4289-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-8450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"name": "USN-4289-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"name": "openSUSE-SU-2020:0307",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"name": "GLSA-202003-34",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"name": "FEDORA-2020-ab8e7463ab",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"name": "FEDORA-2020-790296a8f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"name": "openSUSE-SU-2020:0606",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210304-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8450",
"datePublished": "2020-02-04T19:51:21",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T09:56:28.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-12-04 23:15
Modified
2024-11-21 08:33
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58165CD0-BDD1-48E3-86A8-4A3CA5AC2039",
"versionEndIncluding": "5.9",
"versionStartIncluding": "3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with \"collapsed_forwarding on\" are vulnerable. Configurations with \"collapsed_forwarding off\" or without a \"collapsed_forwarding\" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Las versiones afectadas de squid est\u00e1n sujetas a un error Use-After-Free que puede provocar un ataque de denegaci\u00f3n de servicio mediante reenv\u00edo colapsado. Todas las versiones de Squid desde la 3.5 hasta la 5.9 inclusive configuradas con \"collapsed_forwarding on\" son vulnerables. Las configuraciones con \"collapsed_forwarding desactivado\" o sin una directiva \"collapsed_forwarding\" no son vulnerables. Este error se solucion\u00f3 con la versi\u00f3n 6.0.1 de Squid. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben eliminar todas las l\u00edneas collapsed_forwarding de su squid.conf."
}
],
"id": "CVE-2023-49288",
"lastModified": "2024-11-21T08:33:11.613",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-04T23:15:27.477",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20240119-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240119-0006/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-18 21:00
Modified
2024-11-21 01:05
Severity ?
Summary
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35C30CB9-FA3A-408D-A8B0-8805E75657BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function."
},
{
"lang": "es",
"value": "La funci\u00f3n strListGetItem en src/HttpHeaderTools.c en Squid v2.7 a permite a los atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de una cabecera auth manipulada con ciertos delimitadores coma que lanzan un bucle infinito de llamadas a la funci\u00f3n strcspn."
}
],
"id": "CVE-2009-2855",
"lastModified": "2024-11-21T01:05:54.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-08-18T21:00:00.640",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/07/20/10"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/08/03/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/6"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36091"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022757"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518182"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=31%3Bfilename=diff%3Batt=1%3Bbug=534982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/07/20/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/08/03/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/08/04/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/bugs/show_bug.cgi?id=2704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=518182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10592"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "This issue did not affect the versions of the squid packages, as shipped with Red Hat Enterprise Linux 3 and 4.\n\nThe issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via:\nhttps://rhn.redhat.com/errata/RHSA-2010-0221.html\n",
"lastModified": "2010-03-31T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-20 11:59
Modified
2024-11-21 02:23
Severity ?
Summary
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN64455813/index.html | Vendor Advisory | |
| vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN64455813/index.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "29017047-581E-4A88-8160-A2A97E9E7F89",
"versionEndIncluding": "3.1.0.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n CRLF en Squid anterior a versi\u00f3n 3.1.1, permite a los atacantes remotos inyectar encabezados HTTP arbitrarios y conducir ataques de divisi\u00f3n de respuesta HTTP por medio de un encabezado dise\u00f1ado en una respuesta."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/93.html\" target=\"_blank\"\u003eCWE-93: CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)\u003c/a\u003e",
"id": "CVE-2015-0881",
"lastModified": "2024-11-21T02:23:54.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-02-20T11:59:04.840",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN64455813/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN64455813/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000019"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-11 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 29 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E2C5F7C-FADE-4A8C-8A7D-7597874B6C9A",
"versionEndExcluding": "2.7",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61861774-A71F-48CB-B6B2-0489C57E4E66",
"versionEndIncluding": "4.7",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable1:*:*:*:*:*:*",
"matchCriteriaId": "01930746-6E15-445F-BD30-C4E83FA9AE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*",
"matchCriteriaId": "EFBB466C-C679-4B4B-87C2-E7853E5B3F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*",
"matchCriteriaId": "3CF6E367-D33B-4B60-8C40-4618C47D53E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*",
"matchCriteriaId": "0FA1F4FE-629C-4489-A13C-017A824C840F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*",
"matchCriteriaId": "2479C5BF-94E1-4153-9FA3-333BC00F01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*",
"matchCriteriaId": "8ABFCCCC-7584-466E-97CC-6EBD3934A70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*",
"matchCriteriaId": "F17E49BF-FB11-4EE6-B6AC-30914F381B2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn\u0027t greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones 2.x hasta 2.7.STABLE9, versiones 3.x hasta 3.5.28 y versiones 4.x hasta 4.7. Cuando Squid se configura para utilizar la autenticaci\u00f3n b\u00e1sica, el encabezado Proxy-Authorization se analiza por medio de uudecode. uudecode determina cu\u00e1ntos bytes se descodificar\u00e1n mediante la iteraci\u00f3n sobre la entrada y comprobando su tabla. A continuaci\u00f3n, la longitud se utiliza para empezar a decodificar la cadena. No hay comprobaciones para asegurarse de que la longitud que calcula no es mayor que el b\u00fafer de entrada. Esto conlleva a que la memoria adyacente esta siendo decodificada tambi\u00e9n. Un atacante no podr\u00eda recuperar los datos descodificados a menos que el mantenedor de Squid haya configurado la visualizaci\u00f3n de nombres de usuario en las p\u00e1ginas de error."
}
],
"id": "CVE-2019-12529",
"lastModified": "2024-11-21T04:23:02.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T19:15:13.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-27 12:15
Modified
2024-11-21 06:00
Severity ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "119FC718-7AE6-43E0-A019-DB4AC5CEFAE5",
"versionEndExcluding": "4.15",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801A75-0B13-444A-B88F-8BDD4EE953D3",
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6.\u0026#xa0;Debido a una comprobaci\u00f3n del analizador incorrecta, permite un ataque de Denegaci\u00f3n de Servicio contra la API del administrador de cach\u00e9.\u0026#xa0;Esto permite a un cliente confiable desencadenar filtraciones de memoria.\u0026#xa0;Con el tiempo, conlleva a una Denegaci\u00f3n de Servicio por medio de una cadena de consulta corta no especificada.\u0026#xa0;Este ataque est\u00e1 limitado a clientes con privilegios de acceso a la API de Cache Manager"
}
],
"id": "CVE-2021-28652",
"lastModified": "2024-11-21T06:00:01.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-27T12:15:08.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5106"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-m47m-9hvw-7447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-03 18:30
Modified
2024-11-21 01:11
Severity ?
Summary
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DCC264-510E-43D1-9C13-99CEA54C7940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED31C038-4142-4C2C-B540-9223C5C199FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "177060A9-6211-4B6D-96BE-48B4BD1FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50327E36-756E-434D-804D-1E44A4ABAE1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE100C3-0245-4305-B514-77D0572C2947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35C30CB9-FA3A-408D-A8B0-8805E75657BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header."
},
{
"lang": "es",
"value": "lib/rfc1035.c en Squid 2.x, desde v3.0 hasta v3.0.STABLE22, y desde v3.1 hasta v3.1.0.15 permite a atacantes remotos producir una denegaci\u00f3n de servicio (fallo de aserci\u00f3n) a trav\u00e9s de un paquete DNS manipulado que unicamente contiene una cabecera."
}
],
"id": "CVE-2010-0308",
"lastModified": "2024-11-21T01:11:56.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-03T18:30:00.767",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/62044"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38451"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38455"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/37522"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1023520"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_1.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0260"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56001"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/37522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9163.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-9853.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11270"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0308\n\nThis issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via:\nhttps://rhn.redhat.com/errata/RHSA-2010-0221.html\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future squid update may address this flaw in Red Hat Enterprise Linux 3 and 4.",
"lastModified": "2010-03-31T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-12 14:55
Modified
2024-11-21 02:14
Severity ?
Summary
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "52528A34-0850-4B9E-BA07-96C3C487AFEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "9854B7ED-18A2-46D3-BC5E-6D0616FDCABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "63CBE3D5-B1FF-4EA6-AA5A-271E324A7E18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A975352-2A0A-42CD-8BC2-F3439FCE910A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "9198C08C-3A28-4C70-A1E2-2594D55CAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8CA7A0D8-A373-4591-A02E-6B0DB8CEB990",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "00D5BF21-0292-4CDB-A995-CE62C40B6F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2914D032-6969-4522-8D2F-B93D55CB4231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DBDF00F-0FCC-4C6B-8541-7FBF2FF79CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "1460A9BC-464D-47FC-9CDE-08E094E84520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA370C48-58E9-4A66-8CEB-01ABB90DDDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D47FF1-44FC-4798-B7DB-45B3825496AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFABF40-3269-44D6-98BE-30030002BB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "15D4C357-F4AC-4BB3-889D-0B76DB28D8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "B16B99BF-4DC3-4525-8153-B45287DB5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "00A8E046-A375-442D-B96B-DBD2993652AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "CE90AB17-3998-42D6-BB43-577C05BD8380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B516FB5-5779-4F81-812B-A321E3E711FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5E8F7-19C7-4733-9A57-033572E8A78B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "EB55AD78-C3FA-4DC5-81F0-83CB1385AE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "2B43CE92-434B-4F93-9355-F9CD6D5959EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC44EF3-8E51-4085-BF6D-57D04C8E8340",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB29D4DB-00A6-4119-864C-999C182BA2A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "8361513B-2354-4530-A695-D90331617281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "317DF3DF-25DB-4CE6-9528-DFFFCDB2C6FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDB0DAC-0F5B-4FA6-9278-673C9270ED9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "986064E6-7DE5-4632-ACE4-F700A4CD8CCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "726A4FF6-A281-43A0-AEDB-D07AE665BBFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6723FF-DB8C-4364-B404-50C8D19316BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "0F3343F7-DAD2-4782-81AE-2FFC050EAC20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "1F36B48F-8649-4FA8-8B27-CD6481633313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "CB2FABCA-9DFF-4671-B5FD-91F4843ADE14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "176881FC-4CD9-46A0-B993-304BB836E361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9E3B27-CA69-44EB-A77B-79353077D4E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "DE4FA6B2-CABC-44B8-8BEF-245BB95015B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "329A0C99-0475-4118-8E2A-A3F995952EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B427C2-15DC-4A49-B0E9-194CA2F8EC7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "493E5DB0-EFC0-4D16-983E-380FCCEF0ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB7FCC8-0C90-49F1-97AD-35BBCB84F282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "7C2468B0-D8A5-4DE0-B604-B52260833C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "599FEFA0-CBA8-4C84-B632-46E3838AD6FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "90EF0842-FEB5-404C-97C7-FFB2E7FA620E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "FA285976-CD73-4AD7-9F22-A9E0B0D0C876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "20BD53FF-2712-475E-BE4D-D4A966D792A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "5EEFEBEE-BA1F-4466-8910-0E643548BC4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "882B5A39-3C56-4C36-977B-16E684F24F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "054BB0F6-3438-451C-845E-55F74883EF3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "C89EF961-A285-43E9-A20F-E0D394CB08D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "0DF54C1E-228E-4EAE-AD2F-50057FCB6AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "A53A0BE0-2AB4-43A6-A3DB-B8D70FAB1970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "22EB6552-4AD4-42A1-8751-0F222DBBA802",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "056A0D7F-8DF5-430E-A9EE-3443E99A2886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "2758C732-401C-4147-AC84-FDD88BBB7E9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*",
"matchCriteriaId": "ED54A2B3-6D36-4016-9BF1-83FAD500103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*",
"matchCriteriaId": "C4F368E3-88A6-463C-AA18-8FA1B9E35A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*",
"matchCriteriaId": "1451771E-F456-4631-89C8-0A49F4C8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*",
"matchCriteriaId": "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*",
"matchCriteriaId": "E746946A-2D07-402B-A071-9B674F6FEA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*",
"matchCriteriaId": "6B1A697B-3777-492F-BA53-0BA7A9934C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*",
"matchCriteriaId": "1C579925-591E-4BD7-A888-B8D2B0228D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5332A8F5-8F97-465B-AF24-2FEF0B055006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6567D19B-DF18-4C52-984A-591524A83AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "06832CD3-C761-4941-AFAB-822477C568F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Error de superaci\u00f3n de l\u00edmite (off-by-one) en la funci\u00f3n snmpHandleUdp en snmp_core.cc en Squid 2.x y 3.x, cuando un puerto SNMP est\u00e1 configurado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una solicitud UDP SNMP manipulada, lo que provoca un desbordamiento de buffer basado en memoria din\u00e1mica."
}
],
"id": "CVE-2014-6270",
"lastModified": "2024-11-21T02:14:03.690",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-12T14:55:07.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/oss-sec/2014/q3/542"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/oss-sec/2014/q3/550"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/69686"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2921-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=895773"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139967"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/oss-sec/2014/q3/542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://seclists.org/oss-sec/2014/q3/550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/69686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2921-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=895773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-14 15:09
Modified
2024-11-21 02:01
Severity ?
Summary
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management."
},
{
"lang": "es",
"value": "Squid 3.1 anterior a 3.3.12 y 3.4 anterior a 3.4.4, cuando SSL-Bump est\u00e1 habilitado, permite a atacantes remotos causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n) a trav\u00e9s de una solicitud de rango manipulada, relacionado con gesti\u00f3n de estado."
}
],
"id": "CVE-2014-0128",
"lastModified": "2024-11-21T02:01:26.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-14T15:09:05.710",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57288"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57889"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/66112"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57288"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/57889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/66112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_1.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-05-18 15:59
Modified
2024-11-21 02:29
Severity ?
Summary
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5332A8F5-8F97-465B-AF24-2FEF0B055006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6567D19B-DF18-4C52-984A-591524A83AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "06832CD3-C761-4941-AFAB-822477C568F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate."
},
{
"lang": "es",
"value": "Squid 3.2.x en versiones anteriores a 3.2.14, 3.3.x en versiones anteriores a 3.3.14, 3.4.x en versiones anteriores a 3.4.13 y 3.5.x en versiones anteriores a 3.5.4, cuando el primer cliente est\u00e1 configurado mediante SSL-bump, no valida adecuadamente el dominio o campos de nombre de host de certificados X.509, lo que permite a atacantes man-in-the-middle suplantar servidores SSL a trav\u00e9s de un certificado v\u00e1lido."
}
],
"id": "CVE-2015-3455",
"lastModified": "2024-11-21T02:29:27.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-05-18T15:59:11.650",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2015-0191.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2378.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/74438"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032221"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://advisories.mageia.org/MGASA-2015-0191.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2378.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/74438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1032221"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_1.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-25 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B218819-0975-4E1F-8F6C-D666655937B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "594A05FF-E5D2-4132-BF03-44D6866D8133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B22C192-02F2-4AD4-A305-BADCC09E8075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "76245991-1D91-4475-87E1-FBB77A1B3CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBC5AAD-34E1-48A5-972A-A09D66EFE825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79E26DC8-1030-4F3F-96B9-6BF159D86FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3441D193-DA62-4AC1-8E50-3AEEF8C659F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9E155-FC6F-46E7-8BF7-65DF097409D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3F10F-938E-44D6-845D-B66EF9812C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D82EEE-F65E-4657-B0F7-6CE33D219134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E6A845-B67C-4112-8240-9F61D6AF3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEDD7E3-E263-4A09-9C11-3E008E01BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "80E3FF16-A6CD-456C-B58A-381A75D8616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87D02AB2-AA26-4416-B689-02C5EEF2099C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A134E1F1-AFCC-498B-8840-5884CF858769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F4E7D0-B6F4-476E-A011-55619E91A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95588755-27E8-4DB7-B865-A784D3638FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F90E11F-FC03-46D9-A9C4-A578196D59D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEE374C-365E-49DE-A9F9-6083044C774D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Squid 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de respuestas Edge Side Includes (ESI) manipuladas."
}
],
"id": "CVE-2016-4054",
"lastModified": "2024-11-21T02:51:15.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-25T14:59:05.487",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/86788"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/86788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-01 20:15
Modified
2025-02-13 18:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CC0157-8647-4BC3-AD22-4325B85D8A78",
"versionEndExcluding": "6.4",
"versionStartIncluding": "3.3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web. Debido a un error de validaci\u00f3n incorrecta del \u00edndice especificado, las versiones de Squid 3.3.0.1 a 5.9 y 6.0 anteriores a 6.4 compiladas usando `--with-openssl` son vulnerables a un ataque de Denegaci\u00f3n de Servicio contra la validaci\u00f3n del certificado SSL. Este problema permite que un servidor remoto realice una denegaci\u00f3n de servicio contra Squid Proxy iniciando un protocolo de enlace TLS con un certificado SSL especialmente manipulado en una cadena de certificados de servidor. Este ataque se limita a HTTPS y SSL-Bump. Este error se solucion\u00f3 en la versi\u00f3n 6.4 de Squid. Adem\u00e1s, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid. Aquellos que utilicen una versi\u00f3n empaquetada de Squid deben consultar al proveedor del paquete para obtener informaci\u00f3n sobre la disponibilidad de paquetes actualizados."
}
],
"id": "CVE-2023-46724",
"lastModified": "2025-02-13T18:15:36.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T20:15:08.800",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-129"
},
{
"lang": "en",
"value": "CWE-786"
},
{
"lang": "en",
"value": "CWE-823"
},
{
"lang": "en",
"value": "CWE-1285"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5584C95-5CB1-4D45-8C05-633746AE2AB4",
"versionEndIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex rules URL decodes an incoming request. This allows an attacker to encode their URL to bypass the url_regex check, and gain access to the blocked resource."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones hasta 4.7. Al manejar las peticiones de los usuarios, Squid verifica sus reglas para visualizar si la petici\u00f3n debe ser denegada. Squid por defecto viene con reglas para bloquear el acceso al Cache Manager, que sirve informaci\u00f3n detallada del servidor destinada al mantenedor. Esta regla es implementada por medio de url_regex. El manejador de reglas URL de url_regex decodifica una petici\u00f3n entrante. Esto permite a un atacante codificar su URL para omitir la comprobaci\u00f3n de url_regex y obtener acceso al recurso bloqueado."
}
],
"id": "CVE-2019-12524",
"lastModified": "2024-11-21T04:23:02.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T19:15:12.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12524.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| opensuse | leap | 15.1 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB84835-9A10-4970-8A4B-6467A2BD4FCB",
"versionEndExcluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.10. Debido a una administraci\u00f3n del b\u00fafer incorrecta, un cliente remoto puede causar un desbordamiento del b\u00fafer en una instancia de Squid que act\u00faa como un proxy inverso."
}
],
"id": "CVE-2020-8450",
"lastModified": "2024-11-21T05:38:52.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T20:15:14.777",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-131"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-28 15:15
Modified
2025-01-03 12:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "269E064C-AAF8-4A48-BBAB-76A37C1A0684",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 de c\u00f3digo abierto para la Web compatible con HTTP, HTTPS, FTP y m\u00e1s. Debido a errores de validaci\u00f3n de entrada, liberaci\u00f3n prematura de recursos durante el tiempo de vida \u00fatil esperado y falta de liberaci\u00f3n de recursos despu\u00e9s del tiempo de vida \u00fatil efectivo, Squid es vulnerable a ataques de denegaci\u00f3n de servicio por parte de un servidor confiable contra todos los clientes que utilicen el proxy. Este error se corrigi\u00f3 en la configuraci\u00f3n de compilaci\u00f3n predeterminada de la versi\u00f3n 6.10 de Squid."
}
],
"id": "CVE-2024-45802",
"lastModified": "2025-01-03T12:15:26.117",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-28T15:15:04.857",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250103-0004/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-04-28 10:06
Modified
2024-11-21 01:38
Severity ?
Summary
Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a "req_header Host" acl regex that matches www.uol.com.br
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 3.1.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf file that was (perhaps inadvertently) designed to allow access based on a \"req_header Host\" acl regex that matches www.uol.com.br"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Squid v3.1.9 permite a atacantes remotos evitar la configuraci\u00f3n de acceso para el m\u00e9todo CONNECT, proporcionando un nombre de host arbitrario en la cabecera \u0027host HTTP\u0027. NOTA: este problema no puede ser reproducible, porque el investigador es incapaz de proporcionar un archivo squid.conf de un sistema vulnerable, y el comportamiento observado es consistente con un archivo squid.conf que fue (tal vez sin darse cuenta), dise\u00f1ado para permitir el acceso basado en una expresi\u00f3n regular de ACL \"host req_header\" que coincide con www.uol.com.br."
}
],
"id": "CVE-2012-2213",
"lastModified": "2024-11-21T01:38:43.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-04-28T10:06:13.273",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0117.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0131.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0140.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0146.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0163.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0165.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-09 11:29
Modified
2024-11-21 03:57
Severity ?
Summary
Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0D3B55-6D37-49A2-93E4-9E227195CBE8",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet."
},
{
"lang": "es",
"value": "Squid en versiones anteriores a la 4.4, cuando est\u00e1 habilitado SNMP, permite una denegaci\u00f3n de servicio (fuga de memoria) mediante un paquete SNMP."
}
],
"id": "CVE-2018-19132",
"lastModified": "2024-11-21T03:57:23.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-09T11:29:03.953",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/313"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_5.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-644131ff1e00c1895d77561f561d29c104ba6b11.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4059-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-09 23:29
Modified
2024-11-21 03:39
Severity ?
Summary
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07AA78F0-BFDD-4DF6-9B03-D70E23B73E1C",
"versionEndExcluding": "4.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later."
},
{
"lang": "es",
"value": "Squid Software Foundation Squid HTTP Caching Proxy, en versiones anteriores a la 4.0.23, contiene una vulnerabilidad de desreferencia de puntero NULL en el procesamiento de cabeceras HTTP Response X-Forwarded-For. Esto puede resultar en una denegaci\u00f3n de servicio (DoS) para todos los clientes que empleen el proxy. Este ataque parece ser explotable mediante un servidor HTTP remoto que responda con una cabecera X-Forwarded-For a ciertos tipos de petici\u00f3n HTTP. Parece ser que la vulnerabilidad se ha solucionado en la versi\u00f3n 4.0.23 y siguientes."
}
],
"id": "CVE-2018-1000027",
"lastModified": "2024-11-21T03:39:27.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-09T23:29:00.870",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/129/files"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/129/files"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4122"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| opensuse | leap | 15.1 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB84835-9A10-4970-8A4B-6467A2BD4FCB",
"versionEndExcluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.10. Debido a una comprobaci\u00f3n de entrada incorrecta, el analizador de credenciales de autenticaci\u00f3n NTLM en la funci\u00f3n ext_lm_group_acl puede escribir en la memoria fuera del b\u00fafer de credenciales. En sistemas con protecciones de acceso a la memoria, esto puede resultar en que el proceso auxiliar termine inesperadamente. Esto conlleva a que el proceso de Squid tambi\u00e9n termine y a una denegaci\u00f3n de servicio para todos los clientes que est\u00e1n usando el proxy."
}
],
"id": "CVE-2020-8517",
"lastModified": "2024-11-21T05:38:59.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T20:15:14.857",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4289-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-06 21:59
Modified
2024-11-21 02:21
Severity ?
Summary
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 3.4.4 | |
| squid-cache | squid | 3.4.5 | |
| squid-cache | squid | 3.4.6 | |
| squid-cache | squid | 3.4.7 | |
| squid-cache | squid | 3.4.8 | |
| squid-cache | squid | 3.4.9 | |
| squid-cache | squid | 3.4.10 | |
| squid-cache | squid | 3.4.11 | |
| squid-cache | squid | 3.4.12 | |
| squid-cache | squid | 3.4.13 | |
| squid-cache | squid | 3.5.0.1 | |
| squid-cache | squid | 3.5.0.2 | |
| squid-cache | squid | 3.5.0.3 | |
| squid-cache | squid | 3.5.0.4 | |
| squid-cache | squid | 3.5.1 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5332A8F5-8F97-465B-AF24-2FEF0B055006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6567D19B-DF18-4C52-984A-591524A83AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "06832CD3-C761-4941-AFAB-822477C568F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka \"Nonce replay vulnerability.\""
},
{
"lang": "es",
"value": "Squid 3.4.4 hasta la versi\u00f3n 3.4.11 y 3.5.0.1 hasta la versi\u00f3n 3.5.1, cuando es utilizada la autenticaci\u00f3n Digest, permiten a usuarios remotos autenticados retener el acceso aprovechando un nonce caducado, tambi\u00e9n conocido como \u0027Nonce replay vulnerability\u0027."
}
],
"id": "CVE-2014-9749",
"lastModified": "2024-11-21T02:21:34.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-06T21:59:00.123",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4066"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/10/12/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/10/01/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/10/11/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/10/12/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| debian | debian_linux | 8.0 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "466DF174-7C87-4D0E-B10D-F3F88014D9F5",
"versionEndIncluding": "2.7",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A278895E-7005-4F4B-8649-A013F60E33D4",
"versionEndIncluding": "4.8",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*",
"matchCriteriaId": "EFBB466C-C679-4B4B-87C2-E7853E5B3F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*",
"matchCriteriaId": "3CF6E367-D33B-4B60-8C40-4618C47D53E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*",
"matchCriteriaId": "0FA1F4FE-629C-4489-A13C-017A824C840F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*",
"matchCriteriaId": "2479C5BF-94E1-4153-9FA3-333BC00F01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*",
"matchCriteriaId": "8ABFCCCC-7584-466E-97CC-6EBD3934A70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*",
"matchCriteriaId": "F17E49BF-FB11-4EE6-B6AC-30914F381B2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Debido a una gesti\u00f3n de datos incorrecta, es vulnerable a una divulgaci\u00f3n de informaci\u00f3n cuando se procesa HTTP Digest Authentication. Los tokens Nonce contienen el valor de byte sin procesar de un puntero que se encuentra dentro de la asignaci\u00f3n de memoria heap. Esta informaci\u00f3n reduce las protecciones de ASLR y puede ayudar a atacantes a aislar \u00e1reas de memoria para apuntar ataques de ejecuci\u00f3n de c\u00f3digo remota."
}
],
"id": "CVE-2019-18679",
"lastModified": "2024-11-21T04:33:31.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T17:15:13.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156324"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/491"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_11.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-09 23:29
Modified
2024-11-21 03:39
Severity ?
Summary
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEA210B-5C46-41BF-9419-7C6F71ADDC9E",
"versionEndIncluding": "3.5.27",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A880903B-1BA7-4AEF-9751-0D99C9D5F3FE",
"versionEndIncluding": "4.0.22",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later."
},
{
"lang": "es",
"value": "Squid Software Foundation Squid HTTP Caching Proxy, en versiones 3.0 a 3.5.27 y 4.0 a 4.0.22 contiene una vulnerabilidad de manipulaci\u00f3n de punteros incorrecta en el procesamiento de respuestas ESI. Esto puede resultar en una denegaci\u00f3n de servicio (DoS) para todos los clientes que empleen el proxy. Parece que el ataque puede ser explotado mediante servidores remotos que env\u00edan una carga \u00fatil de respuesta HTTP que contiene una sintaxis v\u00e1lida pero inusual de ESI. Parece ser que la vulnerabilidad se ha solucionado en la versi\u00f3n 4.0.23 y siguientes."
}
],
"id": "CVE-2018-1000024",
"lastModified": "2024-11-21T03:39:27.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-09T23:29:00.730",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4122"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-09 22:15
Modified
2024-11-21 05:59
Severity ?
3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08C691FC-146C-47D0-8FAD-FA7C5A8A2800",
"versionEndIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD26F61-9933-44D9-9F99-5A4702D90A56",
"versionEndIncluding": "5.0.5",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody."
},
{
"lang": "es",
"value": "Squid versiones hasta 4.14 y 5.xa 5.0.5, en algunas configuraciones, permite la divulgaci\u00f3n de informaci\u00f3n debido a una lectura fuera de l\u00edmites en los datos del protocolo WCCP.\u0026#xa0;Esto puede ser aprovechado como parte de una cadena para la ejecuci\u00f3n remota de c\u00f3digo como nobody"
}
],
"id": "CVE-2021-28116",
"lastModified": "2024-11-21T05:59:06.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-09T22:15:12.880",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/04/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5171"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-157/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/10/04/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rgf3-9v3p-qp82"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-157/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-09 22:55
Modified
2024-11-21 01:54
Severity ?
Summary
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opensuse | opensuse | 11.4 | |
| opensuse | opensuse | 12.2 | |
| opensuse | opensuse | 12.3 | |
| squid-cache | squid | 3.2.0.1 | |
| squid-cache | squid | 3.2.0.2 | |
| squid-cache | squid | 3.2.0.3 | |
| squid-cache | squid | 3.2.0.4 | |
| squid-cache | squid | 3.2.0.5 | |
| squid-cache | squid | 3.2.0.6 | |
| squid-cache | squid | 3.2.0.7 | |
| squid-cache | squid | 3.2.0.8 | |
| squid-cache | squid | 3.2.0.9 | |
| squid-cache | squid | 3.2.0.10 | |
| squid-cache | squid | 3.2.0.11 | |
| squid-cache | squid | 3.3.0 | |
| squid-cache | squid | 3.3.0.2 | |
| squid-cache | squid | 3.3.0.3 | |
| squid-cache | squid | 3.3.1 | |
| squid-cache | squid | 3.3.2 | |
| squid-cache | squid | 3.3.3 | |
| squid-cache | squid | 3.3.4 | |
| squid-cache | squid | 3.3.5 | |
| squid-cache | squid | 3.3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n idnsALookup en dns_internal.cc en Squid v3.2 hasta v3.2.11 y v3.3 hasta v3.3.6, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria o finalizaci\u00f3n de servicio) a trav\u00e9s de un nombre largo en una petici\u00f3n \u201cDNS lookup\u201d."
}
],
"id": "CVE-2013-4115",
"lastModified": "2024-11-21T01:54:54.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-08-09T22:55:03.747",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54076"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54834"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54839"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/07/11/8"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/61111"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00033.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/07/11/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9200.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10487.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11823.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12587.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85564"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:16
Severity ?
Summary
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*",
"matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5332A8F5-8F97-465B-AF24-2FEF0B055006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6567D19B-DF18-4C52-984A-591524A83AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "06832CD3-C761-4941-AFAB-822477C568F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size."
},
{
"lang": "es",
"value": "El m\u00f3dulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un tama\u00f1o de paquete (1) ICMP o (2) ICMP6 manipulado."
}
],
"id": "CVE-2014-7142",
"lastModified": "2024-11-21T02:16:24.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-26T15:59:04.950",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/613"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/626"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60242"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/70022"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2014/q3/626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/60242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-27 05:59
Modified
2024-11-21 02:48
Severity ?
Summary
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*",
"matchCriteriaId": "ED54A2B3-6D36-4016-9BF1-83FAD500103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*",
"matchCriteriaId": "C4F368E3-88A6-463C-AA18-8FA1B9E35A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*",
"matchCriteriaId": "1451771E-F456-4631-89C8-0A49F4C8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*",
"matchCriteriaId": "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*",
"matchCriteriaId": "E746946A-2D07-402B-A071-9B674F6FEA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*",
"matchCriteriaId": "6B1A697B-3777-492F-BA53-0BA7A9934C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*",
"matchCriteriaId": "1C579925-591E-4BD7-A888-B8D2B0228D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header."
},
{
"lang": "es",
"value": "Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no a\u00f1ade datos a objetos String adecuadamente, lo que permite a servidores remotos provocar una denegaci\u00f3n de servicio (error de aserci\u00f3n y salida de demonio) a trav\u00e9s de una cadena larga, seg\u00fan lo demostrado por una cabecera HTTP Vary manipulada."
}
],
"id": "CVE-2016-2569",
"lastModified": "2024-11-21T02:48:43.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-27T05:59:03.843",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3557-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-19 21:59
Modified
2024-11-21 02:48
Severity ?
Summary
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | 4.0.4 | |
| squid-cache | squid | 4.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9EBF17FC-0EA0-4489-8FC5-FD2CA5CED77E",
"versionEndIncluding": "3.5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message."
},
{
"lang": "es",
"value": "El m\u00e9todo FwdState::connectedToPeer en FwdState.cc en Squid en versiones anteriores a 3.5.14 y 4.0.x en versiones anteriores a 4.0.6 no maneja correctamente los errores de apretones de manos SSL cuando se construye con la opci\u00f3n --with-openssl, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un mensaje HTTP en texto plano."
}
],
"id": "CVE-2016-2390",
"lastModified": "2024-11-21T02:48:22.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-19T21:59:07.957",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4437"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035045"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000037.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.squid-cache.org/pipermail/squid-announce/2016-February/000038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_1.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-12-18 01:15
Severity ?
9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_eus | 8.8 | |
| redhat | enterprise_linux_eus | 9.0 | |
| redhat | enterprise_linux_eus | 9.2 | |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_aus | 9.2 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.8 | |
| redhat | enterprise_linux_server_tus | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D68B5D22-7802-4AA1-9835-97208C2DF9BD",
"versionEndExcluding": "6.4",
"versionStartIncluding": "2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "647A34CD-AB8C-44DD-8FD7-03315633FF1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems."
},
{
"lang": "es",
"value": "SQUID es vulnerable al contrabando de solicitudes HTTP, causado por la indulgencia de los decodificadores fragmentados, lo que permite a un atacante remoto realizar el contrabando de solicitudes/respuestas a trav\u00e9s del firewall y los sistemas de seguridad frontales."
}
],
"id": "CVE-2023-46846",
"lastModified": "2024-12-18T01:15:06.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-03T08:15:07.953",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6267"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6803"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6804"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6810"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7213"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:11049"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46846"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231130-0002/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-27 17:59
Modified
2024-11-21 02:43
Severity ?
Summary
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.openwall.com/lists/oss-security/2016/12/18/1 | Mailing List, Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/94953 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1037512 | Broken Link, Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/12/18/1 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94953 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1037512 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Advisories/SQUID-2016_10.txt | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9AE6398D-3000-4C1B-8BB3-37AE280BEDD2",
"versionEndExcluding": "3.5.23",
"versionStartIncluding": "3.5.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32C73B3C-ECDF-450E-A039-9F09A18570E4",
"versionEndExcluding": "4.0.17",
"versionStartIncluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients."
},
{
"lang": "es",
"value": "Comparaci\u00f3n incorrecta del encabezado de HTTP Request en Squid HTTP Proxy 3.5.0.1 hasta la versi\u00f3n 3.5.22 y 4.0.1 hasta la versi\u00f3n 4.0.16 resulta en que la funcionalidad Collapsed Forwarding identifica de forma equivocada algunas respuestas privadas como adecuadas para la entrega a m\u00faltiples clientes."
}
],
"id": "CVE-2016-10003",
"lastModified": "2024-11-21T02:43:04.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-27T17:59:00.180",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94953"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037512"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_10.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A278895E-7005-4F4B-8649-A013F60E33D4",
"versionEndIncluding": "4.8",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Debido a una comprobaci\u00f3n de entrada incorrecta, hay un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria que puede resultar en una Denegaci\u00f3n de Servicio a todos los clientes que usan el proxy. La gravedad es alta debido a que esta vulnerabilidad ocurre antes de las comprobaciones de seguridad normales; cualquier cliente remoto que pueda alcanzar el puerto proxy puede realizar trivialmente el ataque por medio de un esquema de URI especialmente dise\u00f1ado."
}
],
"id": "CVE-2019-18676",
"lastModified": "2024-11-21T04:33:30.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T17:15:12.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/275"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-17 22:15
Modified
2024-11-21 06:34
Severity ?
Summary
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4A9EF2-CA36-4C09-8A67-6AE01B16E04E",
"versionEndIncluding": "4.17",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56C44696-C2E8-42DC-877F-B97943F8DD87",
"versionEndExcluding": "5.6",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses."
},
{
"lang": "es",
"value": "En Squid versiones 3.x hasta 3.5.28, versiones 4.x hasta 4.17 y versiones 5.x anteriores a 5.6, debido a una administraci\u00f3n inapropiada del b\u00fafer, puede producirse una denegaci\u00f3n de servicio cuando son procesadas respuestas largas del servidor Gopher"
}
],
"id": "CVE-2021-46784",
"lastModified": "2024-11-21T06:34:42.853",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-17T22:15:08.737",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/10"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2023/10/21/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-46784"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221223-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2023/10/21/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2021_7.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commit/5e2ea2b13bd98f53e29964ca26bb0d602a8a12b9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-46784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20221223-0007/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-25 19:15
Modified
2024-11-21 07:23
Severity ?
Summary
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12D3C02F-A954-4850-BF8E-B1C57531AD1E",
"versionEndIncluding": "4.17",
"versionStartIncluding": "4.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA329B0-3111-4416-A9F0-32ED782323ED",
"versionEndExcluding": "5.7",
"versionStartIncluding": "5.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Squid 4.9 a 4.17 y 5.0.6 a 5.6. Debido al manejo inconsistente de los URI internos, puede haber exposici\u00f3n de informaci\u00f3n confidencial sobre los clientes que usan el proxy a trav\u00e9s de una solicitud HTTPS a una URL del administrador de cach\u00e9 interno. Esto se solucion\u00f3 en 5.7."
}
],
"id": "CVE-2022-41317",
"lastModified": "2024-11-21T07:23:02.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-25T19:15:10.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/09/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/09/23/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-02 17:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9D1D4D-25A3-4B02-86CA-CCC939C70E44",
"versionEndExcluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84BC35EF-F998-4114-BF16-E77078504004",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to upstream servers. When this occurs as a prefix to a Content-Length header, the frame length specified will be ignored by Squid (allowing for a conflicting length to be used from another Content-Length header) but relayed upstream."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4.\u0026#xa0;Debido a una comprobaci\u00f3n de datos incorrecta, los ataques de Contrabando de Peticiones HTTP pueden tener \u00e9xito contra el tr\u00e1fico HTTP y HTTPS.\u0026#xa0;Esto conlleva a un envenenamiento de la cach\u00e9.\u0026#xa0;Esto permite a cualquier cliente, incluyendo los scripts del navegador, omitir la seguridad local y envenenar el cach\u00e9 del proxy y cualquier cach\u00e9 aguas abajo con contenido de una fuente arbitraria.\u0026#xa0;Cuando es configurado para un an\u00e1lisis de encabezado relajado (el valor predeterminado), Squid transmite encabezados que contienen caracteres de espacio en blanco hacia los servidores aguas arriba.\u0026#xa0;Cuando esto ocurre como un prefijo en un encabezado Content-Length, Squid ignorar\u00e1 la longitud de trama especificada (permitiendo usar una longitud conflictiva desde otro encabezado Content-Length) pero se retransmitir\u00e1 aguas arriba"
}
],
"id": "CVE-2020-15810",
"lastModified": "2024-11-21T05:06:13.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-02T17:15:11.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-08-24 18:15
Modified
2024-11-21 05:15
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77F27CCE-271D-4EFC-A417-DAEAB0DDA82A",
"versionEndExcluding": "4.13",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0541DD-366F-47F9-981B-525697B1D166",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF."
},
{
"lang": "es",
"value": "Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4, permite que un peer de confianza lleve a cabo una Denegaci\u00f3n de Servicio mediante el consumo de todos los ciclos de la CPU disponibles durante el manejo de un mensaje de respuesta de Cache Digest dise\u00f1ado. Esto solo ocurre cuando cache_peer es usado con la funcionalidad cache digest. El problema se presenta porque el bloqueo en vivo de peerDigestHandleReply() en el archivo peer_digest.cc maneja inapropiadamente EOF."
}
],
"id": "CVE-2020-24606",
"lastModified": "2024-11-21T05:15:08.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-24T18:15:10.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-25 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B218819-0975-4E1F-8F6C-D666655937B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "594A05FF-E5D2-4132-BF03-44D6866D8133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B22C192-02F2-4AD4-A305-BADCC09E8075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "76245991-1D91-4475-87E1-FBB77A1B3CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBC5AAD-34E1-48A5-972A-A09D66EFE825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79E26DC8-1030-4F3F-96B9-6BF159D86FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3441D193-DA62-4AC1-8E50-3AEEF8C659F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9E155-FC6F-46E7-8BF7-65DF097409D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3F10F-938E-44D6-845D-B66EF9812C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D82EEE-F65E-4657-B0F7-6CE33D219134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E6A845-B67C-4112-8240-9F61D6AF3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEDD7E3-E263-4A09-9C11-3E008E01BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "80E3FF16-A6CD-456C-B58A-381A75D8616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87D02AB2-AA26-4416-B689-02C5EEF2099C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A134E1F1-AFCC-498B-8840-5884CF858769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F4E7D0-B6F4-476E-A011-55619E91A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95588755-27E8-4DB7-B865-A784D3638FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F90E11F-FC03-46D9-A9C4-A578196D59D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEE374C-365E-49DE-A9F9-6083044C774D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de buffer basado en pila en Squid 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 permiten a servidores HTTP remotos provocar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario a trav\u00e9s de respuestas Edge Side Includes (ESI) manipuladas."
}
],
"id": "CVE-2016-4052",
"lastModified": "2024-11-21T02:51:14.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-25T14:59:03.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/86788"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/86788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-20 21:00
Modified
2024-11-21 01:17
Severity ?
Summary
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request."
},
{
"lang": "es",
"value": "Las funciones de comparaci\u00f3n de cadenas en String.cci en Squid v3.x anteriores a v3.1.8 y v3.2.x anteriores a v3.2.0.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferenciaci\u00f3n a puntero nulo y ca\u00edda del demonio) a trav\u00e9s de una petici\u00f3n manipulada.\r\n"
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027CWE-476: NULL Pointer Dereference\u0027",
"id": "CVE-2010-3072",
"lastModified": "2024-11-21T01:17:58.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-20T21:00:02.597",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41298"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41477"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/41534"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2010/dsa-2111"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/05/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/07/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/42982"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2010/2433"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047787.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047820.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41477"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2010/dsa-2111"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/05/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/09/07/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9189.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10090.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630444"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| opensuse | leap | 15.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A278895E-7005-4F4B-8649-A013F60E33D4",
"versionEndIncluding": "4.8",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.9. El manejo de respuesta URN en Squid sufre de un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria. Cuando se reciben datos desde un servidor remoto en respuesta a una petici\u00f3n URN, Squid no se asegura de que la respuesta pueda caber dentro del b\u00fafer. Esto conlleva al desbordamiento de datos controlados por el atacante en la pila."
}
],
"id": "CVE-2019-12526",
"lastModified": "2024-11-21T04:23:02.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T17:15:10.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156326"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_7.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-24 00:15
Modified
2024-11-21 08:58
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D67FB6-14F1-40C3-B636-ADDF38F94FA9",
"versionEndIncluding": "5.9",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "434DE988-6D70-4BAE-8A1A-D07871424517",
"versionEndExcluding": "6.6",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. As a workaround, prevent access to Cache Manager using Squid\u0027s main access control: `http_access deny manager`."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web. Debido a un error de referencia de puntero caducado, Squid anterior a la versi\u00f3n 6.6 es vulnerable a un ataque de denegaci\u00f3n de servicio contra las respuestas de error del Administrador de Cach\u00e9. Este problema permite que un cliente confiable realice una Denegaci\u00f3n de Servicio al generar p\u00e1ginas de error para los informes de Client Manager. Los calamares mayores de 5.0.5 no han sido probados y se debe suponer que son vulnerables. Todos los Squid-5.x hasta 5.9 includa, son vulnerables. Todos los Squid-6.x hasta 6.5 includa, son vulnerables. Este error se solucion\u00f3 con la versi\u00f3n 6.6 de Squid. Adem\u00e1s, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid. Como workaround, evite el acceso al Administrador de cach\u00e9 utilizando el control de acceso principal de Squid: `http_access deny manager`."
}
],
"id": "CVE-2024-23638",
"lastModified": "2024-11-21T08:58:03.733",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-24T00:15:08.573",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit"
],
"url": "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20240208-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240208-0010/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-825"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-672"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-02-08 20:55
Modified
2024-11-21 01:47
Severity ?
Summary
cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison."
},
{
"lang": "es",
"value": "cachemgr.cgi en Squid v3.1.x, v3.2.x y posiblemente, v3.1.22, v3.2.4 y otras versiones, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de una solicitud hecha a mano. NOTA: este problema se debe a una soluci\u00f3n incorrecta para CVE-2012-5643, posiblemente con un orden incorrecto de argumentos o de comparaci\u00f3n incorrecta."
}
],
"evaluatorComment": "Per http://www.ubuntu.com/usn/USN-1713-1/\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\r\nUbuntu 10.04 LTS\r\n",
"id": "CVE-2013-0189",
"lastModified": "2024-11-21T01:47:01.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-02-08T20:55:01.377",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743"
},
{
"source": "secalert@redhat.com",
"url": "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52024"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/54839"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2631"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57646"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1713-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895972"
},
{
"source": "secalert@redhat.com",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11743"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bazaar.launchpad.net/~squid/squid/3.2/revision/11744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.fedoraproject.org/pipermail/scm-commits/2013-January/934637.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2012_1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2012_1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1713-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962#c9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=895972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0029"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5584C95-5CB1-4D45-8C05-633746AE2AB4",
"versionEndIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker\u0027s HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Squid versiones hasta 4.7 y 5. Cuando se recibe una petici\u00f3n, Squid comprueba su memoria cach\u00e9 para visualizar si puede servir una respuesta. Lo hace al realizar un hash MD5 de la URL absoluta de la petici\u00f3n. Si se encuentra, sirve la petici\u00f3n. La URL absoluta puede incluir la UserInfo decodificada (nombre de usuario y contrase\u00f1a) para determinados protocolos. Esta informaci\u00f3n decodificada se antepone al dominio. Esto permite a un atacante proporcionar un nombre de usuario que tenga caracteres especiales para delimitar el dominio y tratar el resto de la URL como una ruta o cadena de consulta. Un atacante podr\u00eda primero hacer una petici\u00f3n a su dominio usando un nombre de usuario codificado, luego, cuando llega una petici\u00f3n para el dominio objetivo que decodifica a la URL exacta, servir\u00e1 el HTML del atacante en lugar del HTML real. En los servidores de Squid que tambi\u00e9n act\u00faan como proxies inversos, esto permite a un atacante conseguir acceso a funcionalidades que solo los proxies inversos pueden utilizar, tal y como ESI."
}
],
"id": "CVE-2019-12520",
"lastModified": "2024-11-21T04:23:01.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T20:15:13.520",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12520.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-11 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| fedoraproject | fedora | 29 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux_eus | 8.1 | |
| redhat | enterprise_linux_eus | 8.2 | |
| redhat | enterprise_linux_eus | 8.4 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73EA62F6-6E71-49AE-8435-4C8652BA2E78",
"versionEndIncluding": "4.7",
"versionStartIncluding": "4.0.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn\u0027t greater than the buffer, leading to a heap-based buffer overflow with user controlled data."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones 4.0.23 hasta 4.7. Al comprobar la autenticaci\u00f3n b\u00e1sica con la funci\u00f3n HttpHeader::getAuth, Squid utiliza un b\u00fafer global para almacenar los datos descodificados. Squid no comprueba que la longitud descodificada no sea superior que el b\u00fafer, lo que conlleva a un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria con datos controlados por el usuario."
}
],
"id": "CVE-2019-12527",
"lastModified": "2024-11-21T04:23:02.620",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T19:15:13.097",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109143"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/109143"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-08 20:15
Modified
2024-11-21 06:06
Severity ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | 2.5.stable2 | |
| squid-cache | squid | 2.5.stable3 | |
| squid-cache | squid | 2.5.stable4 | |
| squid-cache | squid | 2.5.stable5 | |
| squid-cache | squid | 2.5.stable6 | |
| squid-cache | squid | 2.5.stable7 | |
| squid-cache | squid | 2.5.stable8 | |
| squid-cache | squid | 2.5.stable9 | |
| squid-cache | squid | 2.5.stable10 | |
| squid-cache | squid | 2.5.stable11 | |
| squid-cache | squid | 2.5.stable12 | |
| squid-cache | squid | 2.5.stable13 | |
| squid-cache | squid | 2.5.stable14 | |
| squid-cache | squid | 2.6 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | cloud_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9ED22D0-23B0-4441-91C9-CBC1C57A7D6D",
"versionEndExcluding": "4.15",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801A75-0B13-444A-B88F-8BDD4EE953D3",
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DBDF00F-0FCC-4C6B-8541-7FBF2FF79CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "1460A9BC-464D-47FC-9CDE-08E094E84520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA370C48-58E9-4A66-8CEB-01ABB90DDDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D47FF1-44FC-4798-B7DB-45B3825496AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFABF40-3269-44D6-98BE-30030002BB40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "15D4C357-F4AC-4BB3-889D-0B76DB28D8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "B16B99BF-4DC3-4525-8153-B45287DB5BA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "00A8E046-A375-442D-B96B-DBD2993652AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "CE90AB17-3998-42D6-BB43-577C05BD8380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "6B516FB5-5779-4F81-812B-A321E3E711FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "6DD5E8F7-19C7-4733-9A57-033572E8A78B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "EB55AD78-C3FA-4DC5-81F0-83CB1385AE5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "2B43CE92-434B-4F93-9355-F9CD6D5959EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE100C3-0245-4305-B514-77D0572C2947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A4E50120-7298-4BC5-AC36-708EFCCFA1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*",
"matchCriteriaId": "EFBB466C-C679-4B4B-87C2-E7853E5B3F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*",
"matchCriteriaId": "3CF6E367-D33B-4B60-8C40-4618C47D53E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*",
"matchCriteriaId": "0FA1F4FE-629C-4489-A13C-017A824C840F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*",
"matchCriteriaId": "2479C5BF-94E1-4153-9FA3-333BC00F01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*",
"matchCriteriaId": "8ABFCCCC-7584-466E-97CC-6EBD3934A70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*",
"matchCriteriaId": "F17E49BF-FB11-4EE6-B6AC-30914F381B2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Squid versiones anteriores a 4.15 y en versiones 5.x anteriores a 5.0.6. Un problema de desbordamiento de enteros permite a un servidor remoto conseguir una Denegaci\u00f3n de Servicio cuando se entrega respuestas a peticiones de rango HTTP. El desencadenante del problema es un encabezado que puede esperarse que se presente en el tr\u00e1fico HTTP sin ninguna intenci\u00f3n maliciosa"
}
],
"id": "CVE-2021-31807",
"lastModified": "2024-11-21T06:06:15.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-08T20:15:09.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-26 15:59
Modified
2024-11-21 02:16
Severity ?
Summary
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5332A8F5-8F97-465B-AF24-2FEF0B055006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6567D19B-DF18-4C52-984A-591524A83AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "06832CD3-C761-4941-AFAB-822477C568F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet."
},
{
"lang": "es",
"value": "El m\u00f3dulo pinger en Squid 3.x anterior a 3.4.8 permite a atacantes remotos obtener informaci\u00f3n sensible o causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda) a trav\u00e9s de un tipo manipulado en un paquete (1) ICMP o (2) ICMP6."
}
],
"id": "CVE-2014-7141",
"lastModified": "2024-11-21T02:16:24.517",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-26T15:59:03.557",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q3/612"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q3/626"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/60242"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/69688"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q3/539"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q3/612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q3/626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://ubuntu.com/usn/usn-2422-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=891268"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-19"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-28 17:30
Modified
2024-11-21 01:05
Severity ?
Summary
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.1 | |
| squid-cache | squid | 3.1.0.1 | |
| squid-cache | squid | 3.1.0.2 | |
| squid-cache | squid | 3.1.0.3 | |
| squid-cache | squid | 3.1.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre1:*:*:*:*:*",
"matchCriteriaId": "CF9C0078-D06B-4174-AF2C-599638E5B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre2:*:*:*:*:*",
"matchCriteriaId": "F1DD47BA-EA59-4DCC-BFF3-2DF0BC332CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre3:*:*:*:*:*",
"matchCriteriaId": "2BC1746D-BE02-4D04-B31D-95589EBD4C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre4:*:*:*:*:*",
"matchCriteriaId": "62C35710-215C-4B80-9304-665451F3C0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre5:*:*:*:*:*",
"matchCriteriaId": "76A7416C-64B2-4F52-93FD-9C504B7D4F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre6:*:*:*:*:*",
"matchCriteriaId": "17D51261-2071-4E8F-AD75-2ECCBE7F7C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre7:*:*:*:*:*",
"matchCriteriaId": "ACD9E084-007E-4C6A-8D30-2DC9B355D7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable1:*:*:*:*:*",
"matchCriteriaId": "95912E0D-FACF-459B-94FB-334FDBCC292B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable10:*:*:*:*:*",
"matchCriteriaId": "2C455506-7FBF-4F0E-92E7-F074B74C10D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable11:*:*:*:*:*",
"matchCriteriaId": "67288E3E-88BF-44CE-84EF-1BF98E8C38CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable12:*:*:*:*:*",
"matchCriteriaId": "B428BDA9-8C83-4DE3-9391-17AFD5D750BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable13:*:*:*:*:*",
"matchCriteriaId": "DC57EAB8-BFEF-4FE2-8ADB-D196EAE3E51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable14:*:*:*:*:*",
"matchCriteriaId": "935F2BDE-7F76-4E13-8318-37CE97B7948F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable15:*:*:*:*:*",
"matchCriteriaId": "354599A2-5FCF-4F5A-85AE-00505D32B9BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable2:*:*:*:*:*",
"matchCriteriaId": "1F1BC7B9-9CD1-42E9-84BB-BEE3668BAAA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable3:*:*:*:*:*",
"matchCriteriaId": "88E3716B-863A-40D4-A7D9-F2A288B87394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable4:*:*:*:*:*",
"matchCriteriaId": "02FB3C5B-95F1-4839-8F68-649AFA2FEB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable5:*:*:*:*:*",
"matchCriteriaId": "631CBA69-B2A1-4522-A330-6A87CCBC682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable6:*:*:*:*:*",
"matchCriteriaId": "0FE7885D-D1EB-4543-B342-80BC645EE8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable7:*:*:*:*:*",
"matchCriteriaId": "B7C4AE0E-9608-4D24-8EA3-0F33A5D95A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable8:*:*:*:*:*",
"matchCriteriaId": "628344A8-42AE-4AD7-89A2-66711490AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable9:*:*:*:*:*",
"matchCriteriaId": "3260A290-9F63-4E5C-BEF2-015E9491AD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc1:stable11:*:*:*:*:*",
"matchCriteriaId": "4F830353-C4E4-4DAF-B7ED-1B0BAE9F3253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) \"missing or mismatched protocol identifier,\" (2) missing or negative status value,\" (3) \"missing version,\" or (4) \"missing or invalid status number,\" related to (a) HttpMsg.cc and (b) HttpReply.cc."
},
{
"lang": "es",
"value": "Squid desde v3.0 hasta v3.0.STABLE16 y desde v3.1 hasta v3.1.0.11 permite a atacantes remotos producir una denegaci\u00f3n de servicio a trav\u00e9s de peticiones mal formadas que incluyen (1) \"identificador de protocolo perdido o mal utilizado,\" (2) \"valor de estatus perdido o negativo,\" (3) \"versi\u00f3n perdida,\" o (4) \"n\u00famero de estatus perdido o inv\u00e1lido\", relacionado con HttpMsg.cc y (b) HttpReply.cc."
}
],
"id": "CVE-2009-2622",
"lastModified": "2024-11-21T01:05:19.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-28T17:30:01.127",
"references": [
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/36007"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/35812"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1022607"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2009/2013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9661.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2013"
}
],
"sourceIdentifier": "cret@cert.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5.",
"lastModified": "2009-08-06T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-27 13:15
Modified
2024-11-21 06:06
Severity ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | cloud_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32AC0EE8-444B-447A-98E9-C22F82A6203C",
"versionEndExcluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801A75-0B13-444A-B88F-8BDD4EE953D3",
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6.\u0026#xa0;Debido a un bug de administraci\u00f3n de la memoria, es vulnerable a un ataque de Denegaci\u00f3n de Servicio (contra todos los clientes que usan el proxy) por medio del procesamiento de peticiones HTTP Range"
}
],
"id": "CVE-2021-31806",
"lastModified": "2024-11-21T06:06:15.823",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-27T13:15:08.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-27 14:15
Modified
2024-11-21 06:06
Severity ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| netapp | cloud_manager | - | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32AC0EE8-444B-447A-98E9-C22F82A6203C",
"versionEndExcluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801A75-0B13-444A-B88F-8BDD4EE953D3",
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6.\u0026#xa0;Debido a un bug de comprobaci\u00f3n de entrada, es vulnerable a ataques de Denegaci\u00f3n de Servicio (contra todos los clientes que usan el proxy).\u0026#xa0;Un cliente env\u00eda una petici\u00f3n HTTP Range para desencadenar esto"
}
],
"id": "CVE-2021-31808",
"lastModified": "2024-11-21T06:06:16.153",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-27T14:15:07.500",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-25 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DCC264-510E-43D1-9C13-99CEA54C7940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED31C038-4142-4C2C-B540-9223C5C199FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "177060A9-6211-4B6D-96BE-48B4BD1FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50327E36-756E-434D-804D-1E44A4ABAE1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE100C3-0245-4305-B514-77D0572C2947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35C30CB9-FA3A-408D-A8B0-8805E75657BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B218819-0975-4E1F-8F6C-D666655937B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "594A05FF-E5D2-4132-BF03-44D6866D8133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B22C192-02F2-4AD4-A305-BADCC09E8075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "76245991-1D91-4475-87E1-FBB77A1B3CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBC5AAD-34E1-48A5-972A-A09D66EFE825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79E26DC8-1030-4F3F-96B9-6BF159D86FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3441D193-DA62-4AC1-8E50-3AEEF8C659F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9E155-FC6F-46E7-8BF7-65DF097409D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3F10F-938E-44D6-845D-B66EF9812C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D82EEE-F65E-4657-B0F7-6CE33D219134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E6A845-B67C-4112-8240-9F61D6AF3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEDD7E3-E263-4A09-9C11-3E008E01BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "80E3FF16-A6CD-456C-B58A-381A75D8616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87D02AB2-AA26-4416-B689-02C5EEF2099C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A134E1F1-AFCC-498B-8840-5884CF858769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F4E7D0-B6F4-476E-A011-55619E91A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95588755-27E8-4DB7-B865-A784D3638FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F90E11F-FC03-46D9-A9C4-A578196D59D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEE374C-365E-49DE-A9F9-6083044C774D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en cachemgr.cgi en Squid 2.x, 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 podr\u00eda permitir a atacantes remotos provocar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario sembrando informes manager con datos manipulados."
}
],
"id": "CVE-2016-4051",
"lastModified": "2024-11-21T02:51:14.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-25T14:59:02.267",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/86788"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035646"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/86788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_5.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 19:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "137B599B-80D1-4903-8791-40F11BC3FCD9",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones 5.x anteriores a 5.0.3. Debido a una Sincronizaci\u00f3n Incorrecta, puede ocurrir una Denegaci\u00f3n de Servicio al procesar objetos en una memoria cach\u00e9 SMP debido a un problema ABA de la funci\u00f3n Ipc::Mem::PageStack::pop durante el acceso a una lista de administraci\u00f3n de page/slot"
}
],
"id": "CVE-2020-14059",
"lastModified": "2024-11-21T05:02:27.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T19:15:11.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_5.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-7a5af8db8e0377c06ed9ffbdcb1334389c7cd8ab.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-662"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-27 05:59
Modified
2024-11-21 02:48
Severity ?
Summary
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*",
"matchCriteriaId": "ED54A2B3-6D36-4016-9BF1-83FAD500103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*",
"matchCriteriaId": "C4F368E3-88A6-463C-AA18-8FA1B9E35A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*",
"matchCriteriaId": "1451771E-F456-4631-89C8-0A49F4C8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*",
"matchCriteriaId": "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*",
"matchCriteriaId": "E746946A-2D07-402B-A071-9B674F6FEA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*",
"matchCriteriaId": "6B1A697B-3777-492F-BA53-0BA7A9934C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*",
"matchCriteriaId": "1C579925-591E-4BD7-A888-B8D2B0228D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h."
},
{
"lang": "es",
"value": "El analizador de Edge Side Includes (ESI) en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 no comprueba los limites del buffer durante el an\u00e1lisis gramatical XML, lo que permite a servidores HTTP remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y salida de demonio) a trav\u00e9s de un documento XML manipulado, relacionado con esi/CustomParser.cc y esi/CustomParser.h."
}
],
"id": "CVE-2016-2570",
"lastModified": "2024-11-21T02:48:43.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-27T05:59:04.797",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3557-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-11-21 08:42
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D384D1F-2A05-4EE0-9CB8-C83FDC53F608",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."
},
{
"lang": "es",
"value": "Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales."
}
],
"id": "CVE-2023-5824",
"lastModified": "2024-11-21T08:42:34.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-03T08:15:08.270",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-02 17:15
Modified
2024-11-21 05:06
Severity ?
Summary
An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| opensuse | leap | 15.1 | |
| opensuse | leap | 15.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9D1D4D-25A3-4B02-86CA-CCC939C70E44",
"versionEndExcluding": "4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84BC35EF-F998-4114-BF16-E77078504004",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.13 y versiones 5.x anteriores a 5.0.4.\u0026#xa0;Debido a la comprobaci\u00f3n de datos incorrecta, los ataques de Divisi\u00f3n de Peticiones HTTP pueden tener \u00e9xito contra el tr\u00e1fico HTTP y HTTPS.\u0026#xa0;Esto conlleva al envenenamiento de la cach\u00e9.\u0026#xa0;Esto permite a cualquier cliente, incluyendo los scripts del navegador, omitir la seguridad local y envenenar la cach\u00e9 del navegador y cualquier cach\u00e9 aguas abajo con contenido de una fuente arbitraria.\u0026#xa0;Squid usa una b\u00fasqueda de cadenas en lugar de analizar el encabezado Transfer-Encoding para encontrar codificaci\u00f3n fragmentada.\u0026#xa0;Esto permite a un atacante ocultar una segunda petici\u00f3n dentro de Transfer-Encoding: Squid la interpreta como fragmentada y dividida en una segunda petici\u00f3n entregada en sentido ascendente.\u0026#xa0;Squid luego entregar\u00e1 dos respuestas distintas al cliente, corrompiendo cualquier cach\u00e9 aguas abajo"
}
],
"id": "CVE-2020-15811",
"lastModified": "2024-11-21T05:06:13.753",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-02T17:15:11.687",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BE6FKUN7IGTIR2MEEMWYDT7N5EJJLZI2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMTFLVB7GLRF2CKGFPZ4G4R5DIIPHWI3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HJJDI7JQFGQLVNCKMVY64LAFMKERAOK7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210219-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4477-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4751"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-697"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-20 12:02
Modified
2024-11-21 01:45
Severity ?
Summary
Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DCC264-510E-43D1-9C13-99CEA54C7940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED31C038-4142-4C2C-B540-9223C5C199FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "177060A9-6211-4B6D-96BE-48B4BD1FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50327E36-756E-434D-804D-1E44A4ABAE1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE100C3-0245-4305-B514-77D0572C2947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35C30CB9-FA3A-408D-A8B0-8805E75657BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*",
"matchCriteriaId": "ED54A2B3-6D36-4016-9BF1-83FAD500103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*",
"matchCriteriaId": "C4F368E3-88A6-463C-AA18-8FA1B9E35A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*",
"matchCriteriaId": "1451771E-F456-4631-89C8-0A49F4C8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*",
"matchCriteriaId": "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*",
"matchCriteriaId": "E746946A-2D07-402B-A071-9B674F6FEA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*",
"matchCriteriaId": "6B1A697B-3777-492F-BA53-0BA7A9934C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*",
"matchCriteriaId": "1C579925-591E-4BD7-A888-B8D2B0228D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials."
},
{
"lang": "es",
"value": "Varias fugas de memoria en tools/cachemgr.cc en cachemgr.cgi en Squid v2.x y v3.x antes de v3.1.22, v3.2.x antes de v3.2.4 y v3.3.x antes de v3.3.0.2 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de (1) cabeceras Content-Length no v\u00e1lidas, (2) largas peticiones POST, o (3) credenciales de autenticaci\u00f3n manipuladas."
}
],
"id": "CVE-2012-5643",
"lastModified": "2024-11-21T01:45:01.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-20T12:02:19.840",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2012/12/17/4"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0505.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/52024"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/54839"
},
{
"source": "secalert@redhat.com",
"url": "http://ubuntu.com/usn/usn-1713-1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2631"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1027890"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2012_1.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=447596"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962"
},
{
"source": "secalert@redhat.com",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2012/12/17/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0505.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/52024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://ubuntu.com/usn/usn-1713-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2012_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=447596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=887962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2024-11-21 02:52
Severity ?
Summary
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | linux | 6 | |
| oracle | linux | 7 | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C563F5CC-F4FB-4440-981E-EA2C003A639C",
"versionEndIncluding": "3.5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a \"header smuggling\" issue."
},
{
"lang": "es",
"value": "mime_header.cc en Squid en versiones anteriores a 3.5.18 permite a atacantes remotos eludir restricciones destinadas al mismo origen y posiblemente llevar a cabo ataques de envenenamiento de cach\u00e9 a trav\u00e9s de una cabecera HTTP Host manipulada, tambi\u00e9n conocido como un problema \"contrabando de peticiones\"."
}
],
"id": "CVE-2016-4554",
"lastModified": "2024-11-21T02:52:28.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-10T19:59:01.307",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035769"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_8.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_8.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_8.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_8.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_8.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-16 21:29
Modified
2024-11-21 03:59
Severity ?
Summary
This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| zdi-disclosures@trendmicro.com | http://www.squid-cache.org/Advisories/SQUID-2018_3.txt | Vendor Advisory | |
| zdi-disclosures@trendmicro.com | https://zerodayinitiative.com/advisories/ZDI-18-309 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Advisories/SQUID-2018_3.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://zerodayinitiative.com/advisories/ZDI-18-309 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 3.5.27 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "D83BE9E6-CEAF-47B8-9501-68FC6AB94BB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."
},
{
"lang": "es",
"value": "Esta vulnerabilidad permite que atacantes remotos denieguen el servicio de instalaciones vulnerables de The Squid Software Foundation Squid 3.5.27-20180318. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. Este error en concreto existe en ClientRequestContext::sslBumpAccessCheck(). Una petici\u00f3n manipulada puede desencadenar la desreferencia de un puntero NULL. Un atacante puede aprovechar esta vulnerabilidad para crear una condici\u00f3n de denegaci\u00f3n de servicio (DoS) a los usuarios del sistema. Anteriormente era ZDI-CAN-6088."
}
],
"id": "CVE-2018-1172",
"lastModified": "2024-11-21T03:59:19.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-16T21:29:00.280",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
},
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://zerodayinitiative.com/advisories/ZDI-18-309"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://zerodayinitiative.com/advisories/ZDI-18-309"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 21:15
Modified
2025-01-09 13:51
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| netapp | bluexp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D809589D-9661-408B-9A8F-3B878B10518F",
"versionEndExcluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:bluexp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1AE8BD-EE3F-494C-9F03-D4B2B7233106",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2 "
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 de c\u00f3digo abierto para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Debido a un error de colapso de datos en valor inseguro, Squid puede ser vulnerable a un ataque de denegaci\u00f3n de servicio contra el an\u00e1lisis de encabezados HTTP. Este problema permite que un cliente remoto o un servidor remoto realice una Denegaci\u00f3n de Servicio al enviar encabezados de gran tama\u00f1o en mensajes HTTP. En versiones de Squid anteriores a la 6.5, esto se puede lograr si las configuraciones request_header_max_size o Reply_header_max_size no se modifican con respecto a las predeterminadas. En la versi\u00f3n 6.5 y posteriores de Squid, la configuraci\u00f3n predeterminada de estos par\u00e1metros es segura. Squid emitir\u00e1 una advertencia cr\u00edtica en cache.log si el administrador configura estos par\u00e1metros en valores no seguros. Squid no impedir\u00e1 en este momento que estas configuraciones se cambien a valores inseguros. Se recomienda a los usuarios que actualicen a la versi\u00f3n 6.5. No se conocen workarounds para esta vulnerabilidad. Este problema tambi\u00e9n se rastrea como SQUID-2024:2"
}
],
"id": "CVE-2024-25617",
"lastModified": "2025-01-09T13:51:19.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T21:15:08.197",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0006/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-182"
},
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| debian | debian_linux | 8.0 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A278895E-7005-4F4B-8649-A013F60E33D4",
"versionEndIncluding": "4.8",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Permite a atacantes pasar un trafico no autorizado de peticiones HTTP mediante el software frontend e una instancia de Squid que divide la tuber\u00eda de la petici\u00f3n HTTP de manera diferente. Los mensajes de respuesta resultantes corrompen las memorias cach\u00e9 (entre un cliente y Squid) con contenido controlado por el atacante en URL arbitrarias. Los efectos son aislados del software entre el cliente atacante y Squid. No existen efectos en Squid en s\u00ed, ni en ning\u00fan servidor ascendente. El problema est\u00e1 relacionado con un encabezado de petici\u00f3n que contiene espacios en blanco entre un nombre de encabezado y dos puntos."
}
],
"id": "CVE-2019-18678",
"lastModified": "2024-11-21T04:33:30.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T17:15:12.983",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156323"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/445"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_10.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-27 12:15
Modified
2024-11-21 06:00
Severity ?
Summary
An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A199CF-E7E1-44D4-8A5A-BEA6DFEB35ED",
"versionEndExcluding": "4.15",
"versionStartIncluding": "4.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801A75-0B13-444A-B88F-8BDD4EE953D3",
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones 4.x anteriores a 4.15 y versiones 5.x anteriores a 5.0.6.\u0026#xa0;Si un servidor remoto env\u00eda un determinado encabezado de respuesta por medio de HTTP o HTTPS, ocurre una denegaci\u00f3n de servicio.\u0026#xa0;Este encabezado puede ocurrir plausiblemente en tr\u00e1fico de red benigno"
}
],
"id": "CVE-2021-28662",
"lastModified": "2024-11-21T06:00:03.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-27T12:15:08.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-051824924c709bd6162a378f746fb859454c674e.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commit/051824924c709bd6162a378f746fb859454c674e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jjq6-mh2h-g39h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 2.5.stable1 | |
| squid-cache | squid | 2.5.stable2 | |
| squid-cache | squid | 2.5.stable3 | |
| squid-cache | squid | 2.5.stable4 | |
| squid-cache | squid | 2.5.stable5 | |
| squid-cache | squid | 2.5.stable6 | |
| debian | debian_linux | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "2914D032-6969-4522-8D2F-B93D55CB4231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "3DBDF00F-0FCC-4C6B-8541-7FBF2FF79CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "1460A9BC-464D-47FC-9CDE-08E094E84520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "FA370C48-58E9-4A66-8CEB-01ABB90DDDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D47FF1-44FC-4798-B7DB-45B3825496AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "6AFABF40-3269-44D6-98BE-30030002BB40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter."
}
],
"id": "CVE-2005-0211",
"lastModified": "2024-11-20T23:54:38.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/14076"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1013045"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/886006"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/13319"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12432"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780531820947\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://secunia.com/advisories/14076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1013045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-667"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/886006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.osvdb.org/13319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/12432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9573"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-27 05:59
Modified
2024-11-21 02:48
Severity ?
Summary
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 4.0.1 | |
| squid-cache | squid | 4.0.2 | |
| squid-cache | squid | 4.0.3 | |
| squid-cache | squid | 4.0.4 | |
| squid-cache | squid | 4.0.5 | |
| squid-cache | squid | 4.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response."
},
{
"lang": "es",
"value": "http.cc en Squid 4.x en versiones anteriores a 4.0.7 conf\u00eda en el c\u00f3digo de estado HTTP despu\u00e9s de un fallo de respuesta de an\u00e1lisis, lo que permite a servidores HTTP remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y salida de demonio) a trav\u00e9s de una respuesta mal formada."
}
],
"id": "CVE-2016-2572",
"lastModified": "2024-11-21T02:48:43.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-27T05:59:06.797",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-28 12:15
Modified
2024-11-21 06:09
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "32AC0EE8-444B-447A-98E9-C22F82A6203C",
"versionEndExcluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801A75-0B13-444A-B88F-8BDD4EE953D3",
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server."
},
{
"lang": "es",
"value": "Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6, permite a servidores remotos causar una denegaci\u00f3n de servicio (afectando la disponibilidad para todos los clientes) por medio de una respuesta HTTP.\u0026#xa0;El desencadenante del problema es un encabezado que puede esperarse que se presente en el tr\u00e1fico HTTP sin ninguna intenci\u00f3n maliciosa por parte del servidor"
}
],
"id": "CVE-2021-33620",
"lastModified": "2024-11-21T06:09:12.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-28T12:15:07.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-8af775ed98bfd610f9ce762fe177e01b2675588c.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-05 16:15
Modified
2024-11-21 04:24
Severity ?
Summary
The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5584C95-5CB1-4D45-8C05-633746AE2AB4",
"versionEndIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter."
},
{
"lang": "es",
"value": "El modulo web del archivo cachemgr.cgi de Squid hasta versi\u00f3n 4.7, presenta un problema de tipo XSS por medio del par\u00e1metro user_name o auth."
}
],
"id": "CVE-2019-13345",
"lastModified": "2024-11-21T04:24:45.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-05T16:15:11.747",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/109095"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3476"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4957"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/429"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/"
},
{
"source": "cve@mitre.org",
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/109095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4957"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X2ERPHSPUGOYVVRPQRASQBFGS2EJISFC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4059-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4059-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2019/dsa-4507"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-05-27 12:15
Modified
2024-11-21 06:00
Severity ?
Summary
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | cloud_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB25C152-063D-4C60-8DA0-A0A0256B2310",
"versionEndExcluding": "4.15",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68801A75-0B13-444A-B88F-8BDD4EE953D3",
"versionEndExcluding": "5.0.6",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.15 y versiones 5.x anteriores a 5.0.6.\u0026#xa0;Debido a un bug de administraci\u00f3n del b\u00fafer, permite una denegaci\u00f3n de servicio.\u0026#xa0;Cuando se resuelve una petici\u00f3n con el esquema urn:, el analizador filtra una peque\u00f1a cantidad de memoria.\u0026#xa0;Sin embargo, se presenta una metodolog\u00eda de ataque no especificada que puede desencadenar f\u00e1cilmente una gran cantidad de consumo de memoria"
}
],
"id": "CVE-2021-28651",
"lastModified": "2024-11-21T06:00:01.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-27T12:15:08.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5104"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2023/Oct/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=5104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-ch36-9jhx-phm4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00014.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQ3U54ZCNXR44QRPW3AV2VCS6K3TKCF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4EPIWUZDJAXADDHVOPKRBTQHPBR6H66/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210716-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| opensuse | leap | 15.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A278895E-7005-4F4B-8649-A013F60E33D4",
"versionEndIncluding": "4.8",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn\u0027t go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.9. Cuando se maneja una petici\u00f3n URN, es realizada una petici\u00f3n HTTP correspondiente. Esta petici\u00f3n HTTP no pasa por las comprobaciones de acceso por las que pasan las peticiones HTTP entrantes. Esto causa que se omitan todas las comprobaciones de acceso y permite el acceso a servidores HTTP restringidos, por ejemplo, un atacante puede conectar con servidores HTTP que solo escuchan en localhost."
}
],
"id": "CVE-2019-12523",
"lastModified": "2024-11-21T04:23:01.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T17:15:10.767",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_8.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4446-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-04 23:15
Modified
2024-11-21 08:33
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64A6EFAB-804C-4B6B-B609-2F5A797EACB0",
"versionEndIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Debido a un error de sobrelectura del b\u00fafer, Squid es vulnerable a un ataque de denegaci\u00f3n de servicio contra el procesamiento de mensajes HTTP de Squid. Este error se solucion\u00f3 con la versi\u00f3n 6.5 de Squid. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-49285",
"lastModified": "2024-11-21T08:33:11.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-04T23:15:27.007",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20240119-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240119-0004/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-126"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-09-11 18:55
Modified
2024-11-21 02:08
Severity ?
Summary
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5332A8F5-8F97-465B-AF24-2FEF0B055006",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted \"Range headers with unidentifiable byte-range values.\""
},
{
"lang": "es",
"value": "HttpHdrRange.cc en Squid 3.x anterior a 3.3.12 y 3.4.x anterior a 3.4.6 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una solicitud con \u0027 cabeceras de rango con valores de rango de bytes no identificables\u0027 manipuladas."
}
],
"id": "CVE-2014-3609",
"lastModified": "2024-11-21T02:08:29.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-09-11T18:55:05.150",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1147.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60179"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60334"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/61320"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/61412"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2014/dsa-3014"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2015/dsa-3139"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/69453"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2327-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-09/msg00029.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1147.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/61412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2014_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9201.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2327-1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-07 18:59
Modified
2024-11-21 02:51
Severity ?
Summary
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*",
"matchCriteriaId": "ED54A2B3-6D36-4016-9BF1-83FAD500103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*",
"matchCriteriaId": "C4F368E3-88A6-463C-AA18-8FA1B9E35A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*",
"matchCriteriaId": "1451771E-F456-4631-89C8-0A49F4C8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*",
"matchCriteriaId": "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*",
"matchCriteriaId": "E746946A-2D07-402B-A071-9B674F6FEA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*",
"matchCriteriaId": "6B1A697B-3777-492F-BA53-0BA7A9934C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*",
"matchCriteriaId": "1C579925-591E-4BD7-A888-B8D2B0228D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9E155-FC6F-46E7-8BF7-65DF097409D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3F10F-938E-44D6-845D-B66EF9812C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D82EEE-F65E-4657-B0F7-6CE33D219134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E6A845-B67C-4112-8240-9F61D6AF3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEDD7E3-E263-4A09-9C11-3E008E01BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "80E3FF16-A6CD-456C-B58A-381A75D8616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87D02AB2-AA26-4416-B689-02C5EEF2099C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A134E1F1-AFCC-498B-8840-5884CF858769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F4E7D0-B6F4-476E-A011-55619E91A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95588755-27E8-4DB7-B865-A784D3638FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F90E11F-FC03-46D9-A9C4-A578196D59D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers."
},
{
"lang": "es",
"value": "Squid 3.x en versiones anteriores a 3.5.16 y 4.x en versiones anteriores a 4.0.8 no realiza adecuadamente la comprobaci\u00f3n de l\u00edmites, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de una respuesta HTTP manipulada, relacionada con cabeceras Vary."
}
],
"id": "CVE-2016-3948",
"lastModified": "2024-11-21T02:51:00.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-07T18:59:01.607",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035458"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3557-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-15 18:30
Modified
2024-11-21 01:12
Severity ?
Summary
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 2.0 | |
| squid-cache | squid | 2.1 | |
| squid-cache | squid | 2.2 | |
| squid-cache | squid | 2.3 | |
| squid-cache | squid | 2.4 | |
| squid-cache | squid | 2.5 | |
| squid-cache | squid | 2.6 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0.stable1 | |
| squid-cache | squid | 3.0.stable2 | |
| squid-cache | squid | 3.0.stable3 | |
| squid-cache | squid | 3.0.stable4 | |
| squid-cache | squid | 3.0.stable5 | |
| squid-cache | squid | 3.0.stable6 | |
| squid-cache | squid | 3.0.stable7 | |
| squid-cache | squid | 3.0.stable8 | |
| squid-cache | squid | 3.0.stable9 | |
| squid-cache | squid | 3.0.stable11 | |
| squid-cache | squid | 3.0.stable12 | |
| squid-cache | squid | 3.0.stable13 | |
| squid-cache | squid | 3.0.stable14 | |
| squid-cache | squid | 3.0.stable15 | |
| squid-cache | squid | 3.0.stable16 | |
| squid-cache | squid | 3.0.stable17 | |
| squid-cache | squid | 3.0.stable18 | |
| squid-cache | squid | 3.0.stable19 | |
| squid-cache | squid | 3.0.stable20 | |
| squid-cache | squid | 3.0.stable21 | |
| squid-cache | squid | 3.0.stable22 | |
| squid-cache | squid | 3.0.stable23 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7EB3DBC-313E-4F55-90F3-BED0918A4EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3DCC264-510E-43D1-9C13-99CEA54C7940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED31C038-4142-4C2C-B540-9223C5C199FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "177060A9-6211-4B6D-96BE-48B4BD1FAFEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E210DD-8EE6-4182-A78E-F791FCFDEFCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50327E36-756E-434D-804D-1E44A4ABAE1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE100C3-0245-4305-B514-77D0572C2947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35C30CB9-FA3A-408D-A8B0-8805E75657BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port."
},
{
"lang": "es",
"value": "La funci\u00f3n htcpHandleTstRequest en el archivo htcp.c en Squid versiones 2.x anterior a 2.6.STABLE24 y versi\u00f3n 2.7 anterior a 2.7.STABLE8, y en el archivo htcp.cc en versi\u00f3n 3.0 anterior a 3.0.STABLE24, permite que los atacantes remotos causen una denegaci\u00f3n de servicio (desreferencia de puntero NULL y bloqueo del demonio) por medio de paquetes creados hacia el puerto HTCP."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\r\n\u0027NULL Pointer Dereference\u0027",
"id": "CVE-2010-0639",
"lastModified": "2024-11-21T01:12:38.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-15T18:30:00.893",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=2858"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/62297"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38812"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38212"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023587"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0371"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=2858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037159.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2010_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.7/changesets/12600.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/3.0-ADV-2010_2.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0603"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Those versions are not compiled with the support for HTCP protocol.",
"lastModified": "2010-02-16T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-16 19:14
Modified
2024-11-21 01:54
Severity ?
Summary
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header."
},
{
"lang": "es",
"value": "client_side_request.cc en Squid 3.2.x anteriores a 3.2.13 y 3.3.x anteriores a 3.3.8 permite a un atacante remoto causar una denegaci\u00f3n de servicio a trav\u00e9s de un n\u00famero de puerto manipulado en una cabecera HTTP Host."
}
],
"id": "CVE-2013-4123",
"lastModified": "2024-11-21T01:54:55.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-16T19:14:38.397",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54142"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/54834"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54142"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/54834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11826.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12591.patch"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-26 17:15
Modified
2024-11-21 04:33
Severity ?
Summary
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "466DF174-7C87-4D0E-B10D-F3F88014D9F5",
"versionEndIncluding": "2.7",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A278895E-7005-4F4B-8649-A013F60E33D4",
"versionEndIncluding": "4.8",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*",
"matchCriteriaId": "EFBB466C-C679-4B4B-87C2-E7853E5B3F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*",
"matchCriteriaId": "3CF6E367-D33B-4B60-8C40-4618C47D53E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*",
"matchCriteriaId": "0FA1F4FE-629C-4489-A13C-017A824C840F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*",
"matchCriteriaId": "2479C5BF-94E1-4153-9FA3-333BC00F01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*",
"matchCriteriaId": "8ABFCCCC-7584-466E-97CC-6EBD3934A70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*",
"matchCriteriaId": "F17E49BF-FB11-4EE6-B6AC-30914F381B2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8 cuando la configuraci\u00f3n append_domain es usada (porque los caracteres a\u00f1adidos no interact\u00faan apropiadamente con las restricciones de longitud del nombre de host). Debido a un procesamiento incorrecto del mensaje, puede redireccionar inapropiadamente el tr\u00e1fico a los or\u00edgenes a los que no debe ser enviado."
}
],
"id": "CVE-2019-18677",
"lastModified": "2024-11-21T04:33:30.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-26T17:15:12.923",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156328"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/427"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_9.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1156328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 21:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | leap | 15.1 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB84835-9A10-4970-8A4B-6467A2BD4FCB",
"versionEndExcluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users\u0027 sessions or non-Squid processes."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.10. Permite a un servidor FTP dise\u00f1ado desencadenar una divulgaci\u00f3n de informaci\u00f3n confidencial de la memoria de la pila, tal y como la informaci\u00f3n asociada con las sesiones de otros usuarios o procesos que no son de Squid."
}
],
"id": "CVE-2019-12528",
"lastModified": "2024-11-21T04:23:02.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T21:15:10.807",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 19:15
Modified
2024-11-21 05:02
Severity ?
Summary
An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| fedoraproject | fedora | 31 | |
| netapp | cloud_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3828B8E-1FF7-4707-BB24-6C7CABC37362",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3430B4A-4E1E-438D-9C84-4CFED6A3F023",
"versionEndExcluding": "4.12",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "137B599B-80D1-4903-8791-40F11BC3FCD9",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Debido al uso de una funci\u00f3n potencialmente peligrosa, Squid y el asistente de comprobaci\u00f3n de certificados predeterminado son vulnerables a una Denegaci\u00f3n de Servicio al abrir una conexi\u00f3n TLS en un servidor controlado por el atacante por HTTPS. Esto ocurre porque los valores de error no reconocidos son asignados a NULL, pero el c\u00f3digo posterior espera que cada valor de error sea asignado a una cadena de error v\u00e1lida"
}
],
"id": "CVE-2020-14058",
"lastModified": "2024-11-21T05:02:27.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T19:15:11.130",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-c6d1a4f6a2cbebceebc8a3fcd8f539ceb7b7f723.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-20 21:15
Modified
2024-11-21 04:33
Severity ?
Summary
Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFB5736-A0F8-4B03-ACAE-ED7CF02ECA9B",
"versionEndExcluding": "4.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi."
},
{
"lang": "es",
"value": "Squid versiones anteriores a 4.9, cuando determinados navegadores web son usados, maneja inapropiadamente HTML en el par\u00e1metro host (tambi\u00e9n se conoce como hostname) en el archivo cachemgr.cgi."
}
],
"id": "CVE-2019-18860",
"lastModified": "2024-11-21T04:33:44.060",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-20T21:15:16.547",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4732"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-11-21 08:29
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_eus | 8.6 | |
| redhat | enterprise_linux_eus | 8.8 | |
| redhat | enterprise_linux_eus | 9.0 | |
| redhat | enterprise_linux_eus | 9.2 | |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64 | |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 8.2 | |
| redhat | enterprise_linux_server_aus | 8.4 | |
| redhat | enterprise_linux_server_aus | 8.6 | |
| redhat | enterprise_linux_server_aus | 9.2 | |
| redhat | enterprise_linux_server_tus | 8.2 | |
| redhat | enterprise_linux_server_tus | 8.4 | |
| redhat | enterprise_linux_server_tus | 8.6 | |
| redhat | enterprise_linux_server_tus | 8.8 | |
| redhat | enterprise_linux_server_tus | 9.2 | |
| redhat | enterprise_linux_workstation | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7AD85A7-770C-4526-8AD4-D06C802692D4",
"versionEndExcluding": "6.4",
"versionStartIncluding": "3.2.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
"matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
"matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
"matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "647A34CD-AB8C-44DD-8FD7-03315633FF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication."
},
{
"lang": "es",
"value": "Squid es vulnerable a una Denegaci\u00f3n de Servicio, donde un atacante remoto puede realizar un ataque de desbordamiento de b\u00fafer escribiendo hasta 2 MB de datos arbitrarios en la memoria acumulada cuando Squid est\u00e1 configurado para aceptar la autenticaci\u00f3n impl\u00edcita HTTP."
}
],
"id": "CVE-2023-46847",
"lastModified": "2024-11-21T08:29:25.000",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-03T08:15:08.023",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6267"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6801"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6803"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6804"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6805"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6810"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6882"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6884"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7213"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7576"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7578"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46847"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245916"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6801"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6884"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7578"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231130-0002/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-25 14:59
Modified
2024-11-21 02:51
Severity ?
Summary
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B218819-0975-4E1F-8F6C-D666655937B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "594A05FF-E5D2-4132-BF03-44D6866D8133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B22C192-02F2-4AD4-A305-BADCC09E8075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "76245991-1D91-4475-87E1-FBB77A1B3CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBC5AAD-34E1-48A5-972A-A09D66EFE825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79E26DC8-1030-4F3F-96B9-6BF159D86FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3441D193-DA62-4AC1-8E50-3AEEF8C659F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9E155-FC6F-46E7-8BF7-65DF097409D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3F10F-938E-44D6-845D-B66EF9812C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D82EEE-F65E-4657-B0F7-6CE33D219134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E6A845-B67C-4112-8240-9F61D6AF3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEDD7E3-E263-4A09-9C11-3E008E01BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "80E3FF16-A6CD-456C-B58A-381A75D8616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87D02AB2-AA26-4416-B689-02C5EEF2099C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A134E1F1-AFCC-498B-8840-5884CF858769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F4E7D0-B6F4-476E-A011-55619E91A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95588755-27E8-4DB7-B865-A784D3638FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F90E11F-FC03-46D9-A9C4-A578196D59D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEE374C-365E-49DE-A9F9-6083044C774D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization."
},
{
"lang": "es",
"value": "Squid 3.x en versiones anteriores a 3.5.17 y 4.x en versiones anteriores a 4.0.9 permite a atacantes remotos obtener informaci\u00f3n sensible sobre la estructura de pila a trav\u00e9s de respuestas Edge Side Includes (ESI) manipuladas, relacionado con el uso incorrecto de assert y optimizaci\u00f3n del compilador."
}
],
"id": "CVE-2016-4053",
"lastModified": "2024-11-21T02:51:14.910",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-25T14:59:04.533",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/86788"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/86788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1035647"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_6.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-27 05:59
Modified
2024-11-21 02:48
Severity ?
Summary
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*",
"matchCriteriaId": "ED54A2B3-6D36-4016-9BF1-83FAD500103F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*",
"matchCriteriaId": "C4F368E3-88A6-463C-AA18-8FA1B9E35A84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*",
"matchCriteriaId": "1451771E-F456-4631-89C8-0A49F4C8F03B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*",
"matchCriteriaId": "FC881283-D0DF-482E-8A06-5CFCF0FA0BB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*",
"matchCriteriaId": "E746946A-2D07-402B-A071-9B674F6FEA75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*",
"matchCriteriaId": "6B1A697B-3777-492F-BA53-0BA7A9934C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*",
"matchCriteriaId": "1C579925-591E-4BD7-A888-B8D2B0228D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response."
},
{
"lang": "es",
"value": "http.cc en Squid 3.x en versiones anteriores a 3.5.15 y 4.x en versiones anteriores a 4.0.7 procede con el almacenamiento de ciertos datos despu\u00e9s de un fallo de respuesta de an\u00e1lisis, lo que permite a servidores HTTP remotos provocar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y salida de demonio) a trav\u00e9s de una respuesta mal formada."
}
],
"id": "CVE-2016-2571",
"lastModified": "2024-11-21T02:48:43.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-27T05:59:05.797",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3522"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2921-1"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3557-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2600.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2016/02/26/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2921-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3557-1/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-06 18:15
Modified
2024-11-21 08:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4205423B-C18E-4565-867C-BF885D21DF03",
"versionEndExcluding": "6.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid\u0027s Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Debido a un bug de desreferencia de NULL pointer, Squid es vulnerable a un ataque de Denegaci\u00f3n de Servicio contra la puerta de enlace Gopher de Squid. El protocolo Gopher siempre est\u00e1 disponible y habilitado en Squid antes de Squid 6.0.1. Es posible recibir respuestas que desencadenen este error desde cualquier servidor Gopher, incluso aquellos sin intenciones maliciosas. La compatibilidad con Gopher se elimin\u00f3 en la versi\u00f3n 6.0.1 de Squid. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben rechazar todas las solicitudes de URL de Gopher."
}
],
"id": "CVE-2023-46728",
"lastModified": "2024-11-21T08:29:10.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-06T18:15:08.637",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20231214-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231214-0006/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-03 08:15
Modified
2024-11-21 08:29
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| redhat | enterprise_linux | 9.0 | |
| redhat | enterprise_linux_eus | 9.2 | |
| redhat | enterprise_linux_server_aus | 9.2 | |
| redhat | enterprise_linux_server_tus | 9.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0AA52A-5ECA-40E8-A911-CA0946A01660",
"versionEndExcluding": "6.4",
"versionStartIncluding": "5.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "647A34CD-AB8C-44DD-8FD7-03315633FF1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input."
},
{
"lang": "es",
"value": "Squid es vulnerable a la Denegaci\u00f3n de Servicio, donde un atacante remoto puede realizar DoS enviando URL ftp:// en mensajes de solicitud HTTP o construyendo URL ftp:// a partir de una entrada nativa FTP."
}
],
"id": "CVE-2023-46848",
"lastModified": "2024-11-21T08:29:25.190",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-03T08:15:08.117",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46848"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245919"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6268"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2023:6748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-46848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231214-0005/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-681"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61861774-A71F-48CB-B6B2-0489C57E4E66",
"versionEndIncluding": "4.7",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "306640BC-6B06-4BEE-BB6E-B7B3A4613DDC",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones hasta 4.7. Cuando Squid analiza ESI, mantiene los elementos de ESI en ESIContext. ESIContext contiene un b\u00fafer para contener una pila de ESIElements. Cuando se analiza un nuevo ESIElement, es agregado por medio de la funci\u00f3n addStackElement. addStackElement presenta una comprobaci\u00f3n para el n\u00famero de elementos en este b\u00fafer, pero est\u00e1 desactivado por 1, conllevando a un Desbordamiento de la Pila de 1 elemento. El desbordamiento se encuentra dentro de la misma estructura, por lo que no puede afectar a los bloques de memoria adyacentes y, por lo tanto, solo conlleva a un bloqueo mientras se procesa."
}
],
"id": "CVE-2019-12521",
"lastModified": "2024-11-21T04:23:01.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T19:15:12.393",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5584C95-5CB1-4D45-8C05-633746AE2AB4",
"versionEndIncluding": "4.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones hasta 4.7. Cuando Squid se ejecuta como root, genera sus procesos hijos como un usuario menor, por defecto el usuario nobody. Esto se realiza por medio de la llamada de leave_suid. leave_suid deja el UID Guardado como 0. Esto hace que sea trivial para un atacante que ha comprometido el proceso hijo escalar sus privilegios de nuevo a root."
}
],
"id": "CVE-2019-12522",
"lastModified": "2024-11-21T04:23:01.737",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T19:15:12.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12522.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-12 21:00
Modified
2024-11-21 01:17
Severity ?
Summary
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 3.1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set."
},
{
"lang": "es",
"value": "dns_internal.cc en Squid 3.1.6, cuando la resoluci\u00f3n DNS IPv6 no est\u00e1 habilitada, accede a un socket inv\u00e1lido durante una petici\u00f3n DNS TCP IPv4, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por falta de confirmaci\u00f3n y salida del demonio) mediante vectores que disparan una respuesta DNS IPv4 con el bit TC configurado."
}
],
"id": "CVE-2010-2951",
"lastModified": "2024-11-21T01:17:43.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-12T21:00:01.710",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"
},
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"
},
{
"source": "secalert@redhat.com",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"
},
{
"source": "secalert@redhat.com",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=334263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://marc.info/?l=squid-users\u0026m=128263555724981\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/08/24/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/08/25/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10072.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=626927"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-07 18:59
Modified
2024-11-21 02:51
Severity ?
Summary
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | 4.0.1 | |
| squid-cache | squid | 4.0.2 | |
| squid-cache | squid | 4.0.3 | |
| squid-cache | squid | 4.0.4 | |
| squid-cache | squid | 4.0.5 | |
| squid-cache | squid | 4.0.6 | |
| squid-cache | squid | 4.0.7 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA9BDAD-E02B-497D-8793-BE99D3C5623F",
"versionEndIncluding": "3.5.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n Icmp6::Recv en icmp/Icmp6.cc en la utilidad pinger en Squid en versiones anteriores a 3.5.16 y 4.x en versiones anteriores a 4.0.8 permite a servidores remotos provocar una denegaci\u00f3n de servicio (degradaci\u00f3n de rendimiento o fallos de transici\u00f3n) o escribir informaci\u00f3n sensible en archivos de registro a trav\u00e9s de un paquete ICMPv6."
}
],
"id": "CVE-2016-3947",
"lastModified": "2024-11-21T02:51:00.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-07T18:59:00.137",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035457"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10495.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11839.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12694.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13232.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-03-19 05:15
Modified
2024-11-21 05:17
Severity ?
Summary
An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | cloud_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B208B84-A890-4495-B7EC-AD1023E9522D",
"versionEndExcluding": "4.14",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91D0229E-67AA-43EA-9178-5EF50D38F700",
"versionEndExcluding": "5.0.5",
"versionStartIncluding": "5.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
"matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones hasta 4.13 y versiones 5.x hasta 5.0.4.\u0026#xa0;Debido a una comprobaci\u00f3n inapropiada de la entrada, permite a un cliente confiable llevar a cabo un Trafico No Autorizado de Peticiones HTTP y acceder a servicios que de otro modo estar\u00edan prohibidos por los controles de seguridad.\u0026#xa0;Esto ocurre para determinados ajustes de configuraci\u00f3n de uri_whitespace"
}
],
"id": "CVE-2020-25097",
"lastModified": "2024-11-21T05:17:19.900",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-19T05:15:12.480",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0010/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2020_11.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DJMDRVV677AJL4BZAOLCT5LMFCGBZTC2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FBXFWKIGXPERDVQXG556LLPUOCMQGERC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3RYBDMJCPYGOSURWDR3WJTE474UFT77/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202105-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210727-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4873"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2024-11-21 02:52
Severity ?
Summary
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B218819-0975-4E1F-8F6C-D666655937B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "594A05FF-E5D2-4132-BF03-44D6866D8133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B22C192-02F2-4AD4-A305-BADCC09E8075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "76245991-1D91-4475-87E1-FBB77A1B3CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBC5AAD-34E1-48A5-972A-A09D66EFE825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79E26DC8-1030-4F3F-96B9-6BF159D86FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3441D193-DA62-4AC1-8E50-3AEEF8C659F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9E155-FC6F-46E7-8BF7-65DF097409D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3F10F-938E-44D6-845D-B66EF9812C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D82EEE-F65E-4657-B0F7-6CE33D219134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E6A845-B67C-4112-8240-9F61D6AF3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEDD7E3-E263-4A09-9C11-3E008E01BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "80E3FF16-A6CD-456C-B58A-381A75D8616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87D02AB2-AA26-4416-B689-02C5EEF2099C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A134E1F1-AFCC-498B-8840-5884CF858769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F4E7D0-B6F4-476E-A011-55619E91A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95588755-27E8-4DB7-B865-A784D3638FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F90E11F-FC03-46D9-A9C4-A578196D59D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0BDDAD-2912-480F-8911-8FF94E1A7415",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEE374C-365E-49DE-A9F9-6083044C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B2A8E-DD81-43CD-9F5B-E8F87498E513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses."
},
{
"lang": "es",
"value": "client_side_request.cc en Squid 3.x en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 permite a servidores remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de respuestas Edge Side Includes (ESI) manipuladas."
}
],
"id": "CVE-2016-4555",
"lastModified": "2024-11-21T02:52:28.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-10T19:59:02.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4455"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035770"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-30 18:15
Modified
2024-11-21 05:04
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "357FB8EB-55D7-40D8-918A-F8F2C1B6182A",
"versionEndIncluding": "2.6",
"versionStartIncluding": "2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3828B8E-1FF7-4707-BB24-6C7CABC37362",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C3430B4A-4E1E-438D-9C84-4CFED6A3F023",
"versionEndExcluding": "4.12",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "137B599B-80D1-4903-8791-40F11BC3FCD9",
"versionEndExcluding": "5.0.3",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "35C30CB9-FA3A-408D-A8B0-8805E75657BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*",
"matchCriteriaId": "EFBB466C-C679-4B4B-87C2-E7853E5B3F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*",
"matchCriteriaId": "3CF6E367-D33B-4B60-8C40-4618C47D53E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*",
"matchCriteriaId": "0FA1F4FE-629C-4489-A13C-017A824C840F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*",
"matchCriteriaId": "2479C5BF-94E1-4153-9FA3-333BC00F01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*",
"matchCriteriaId": "8ABFCCCC-7584-466E-97CC-6EBD3934A70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*",
"matchCriteriaId": "F17E49BF-FB11-4EE6-B6AC-30914F381B2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing \"+\\ \"-\" or an uncommon shell whitespace character prefix to the length field-value."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en el archivo http/ContentLengthInterpreter.cc en Squid versiones anteriores a 4.12 y versiones 5.x anteriores a 5.0.3. Un ataque de Trafico No Autorizado de Peticiones y Envenenamiento puede tener \u00e9xito contra la memoria cach\u00e9 HTTP. El cliente env\u00eda una petici\u00f3n HTTP con un encabezado Content-Length que contiene \"+\\\"-\" o un prefijo del car\u00e1cter espacio en blanco de shell poco com\u00fan en el valor de campo de longitud"
}
],
"id": "CVE-2020-15049",
"lastModified": "2024-11-21T05:04:41.830",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-30T18:15:12.367",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"source": "cve@mitre.org",
"url": "https://www.debian.org/security/2020/dsa-4732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-485c9a7bb1bba88754e07ad0094647ea57a6eb8d.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RG5FGSTCAYVIJPJHIY3MRZ7NFT6HDO7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20210312-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/4551-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.debian.org/security/2020/dsa-4732"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-444"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-28 17:30
Modified
2024-11-21 01:05
Severity ?
Summary
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.0 | |
| squid-cache | squid | 3.1 | |
| squid-cache | squid | 3.1.0.1 | |
| squid-cache | squid | 3.1.0.2 | |
| squid-cache | squid | 3.1.0.3 | |
| squid-cache | squid | 3.1.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre1:*:*:*:*:*",
"matchCriteriaId": "CF9C0078-D06B-4174-AF2C-599638E5B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre2:*:*:*:*:*",
"matchCriteriaId": "F1DD47BA-EA59-4DCC-BFF3-2DF0BC332CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre3:*:*:*:*:*",
"matchCriteriaId": "2BC1746D-BE02-4D04-B31D-95589EBD4C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre4:*:*:*:*:*",
"matchCriteriaId": "62C35710-215C-4B80-9304-665451F3C0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre5:*:*:*:*:*",
"matchCriteriaId": "76A7416C-64B2-4F52-93FD-9C504B7D4F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre6:*:*:*:*:*",
"matchCriteriaId": "17D51261-2071-4E8F-AD75-2ECCBE7F7C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre7:*:*:*:*:*",
"matchCriteriaId": "ACD9E084-007E-4C6A-8D30-2DC9B355D7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable1:*:*:*:*:*",
"matchCriteriaId": "95912E0D-FACF-459B-94FB-334FDBCC292B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable10:*:*:*:*:*",
"matchCriteriaId": "2C455506-7FBF-4F0E-92E7-F074B74C10D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable11:*:*:*:*:*",
"matchCriteriaId": "67288E3E-88BF-44CE-84EF-1BF98E8C38CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable12:*:*:*:*:*",
"matchCriteriaId": "B428BDA9-8C83-4DE3-9391-17AFD5D750BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable13:*:*:*:*:*",
"matchCriteriaId": "DC57EAB8-BFEF-4FE2-8ADB-D196EAE3E51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable14:*:*:*:*:*",
"matchCriteriaId": "935F2BDE-7F76-4E13-8318-37CE97B7948F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable15:*:*:*:*:*",
"matchCriteriaId": "354599A2-5FCF-4F5A-85AE-00505D32B9BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable2:*:*:*:*:*",
"matchCriteriaId": "1F1BC7B9-9CD1-42E9-84BB-BEE3668BAAA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable3:*:*:*:*:*",
"matchCriteriaId": "88E3716B-863A-40D4-A7D9-F2A288B87394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable4:*:*:*:*:*",
"matchCriteriaId": "02FB3C5B-95F1-4839-8F68-649AFA2FEB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable5:*:*:*:*:*",
"matchCriteriaId": "631CBA69-B2A1-4522-A330-6A87CCBC682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable6:*:*:*:*:*",
"matchCriteriaId": "0FE7885D-D1EB-4543-B342-80BC645EE8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable7:*:*:*:*:*",
"matchCriteriaId": "B7C4AE0E-9608-4D24-8EA3-0F33A5D95A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable8:*:*:*:*:*",
"matchCriteriaId": "628344A8-42AE-4AD7-89A2-66711490AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable9:*:*:*:*:*",
"matchCriteriaId": "3260A290-9F63-4E5C-BEF2-015E9491AD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc1:stable11:*:*:*:*:*",
"matchCriteriaId": "4F830353-C4E4-4DAF-B7ED-1B0BAE9F3253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce \"buffer limits and related bound checks,\" which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc."
},
{
"lang": "es",
"value": "Squid desde v3.0 hasta v3.0.STABLE16 desde v3.1 hasta v3.1.0.11 no cumple adecuadamente con \"los limites de b\u00fafer y comprobaciones vinculadas,\" lo que permite a atacantes remotos producir una denegaci\u00f3n de servicio a trav\u00e9s de (1) una petici\u00f3n incompleta o (2) una petici\u00f3n con un tama\u00f1o largo de cabecera, relacionado con (a) HttpMsg.cc y (b) client_side.cc."
}
],
"id": "CVE-2009-2621",
"lastModified": "2024-11-21T01:05:18.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-07-28T17:30:01.077",
"references": [
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/36007"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"source": "cret@cert.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/35812"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1022607"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2009/2013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2009_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/b9654.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2013"
}
],
"sourceIdentifier": "cret@cert.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5.",
"lastModified": "2009-08-06T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-10-18 09:15
Modified
2024-11-21 06:26
Severity ?
Summary
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D24F4FC-780E-44DE-B19B-9F63819DE09D",
"versionEndExcluding": "5.2",
"versionStartIncluding": "5.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services."
},
{
"lang": "es",
"value": "Se ha detectado un problema en Squid versiones 5.0.6 hasta 5.1.x anteriores a 5.2. Cuando se comprueba un certificado de servidor de origen o de pares, Squid puede clasificar incorrectamente determinados certificados como confiable. Este problema permite que un servidor remoto obtenga la confianza de seguridad de forma inapropiada. Esta indicaci\u00f3n confiable puede ser transmitida a clientes, permitiendo el acceso a servicios no seguros o secuestrados"
}
],
"id": "CVE-2021-41611",
"lastModified": "2024-11-21T06:26:31.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-18T09:15:08.823",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/23/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/23/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v6/changesets/squid-6-43d6b5c81b88ec2256b430c69a872a1e4f324e4a.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWQ2WKDWTSO47S3F6XJJ6HGG2ULWEAE4/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-09-30 22:55
Modified
2024-11-21 01:50
Severity ?
Summary
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | 3.2.0.1 | |
| squid-cache | squid | 3.2.0.2 | |
| squid-cache | squid | 3.2.0.3 | |
| squid-cache | squid | 3.2.0.4 | |
| squid-cache | squid | 3.2.0.5 | |
| squid-cache | squid | 3.2.0.6 | |
| squid-cache | squid | 3.2.0.7 | |
| squid-cache | squid | 3.2.0.8 | |
| squid-cache | squid | 3.2.0.9 | |
| squid-cache | squid | 3.2.0.10 | |
| squid-cache | squid | 3.2.0.11 | |
| squid-cache | squid | 3.2.0.12 | |
| squid-cache | squid | 3.2.0.13 | |
| squid-cache | squid | 3.2.0.14 | |
| squid-cache | squid | 3.2.0.15 | |
| squid-cache | squid | 3.2.0.16 | |
| squid-cache | squid | 3.2.0.17 | |
| squid-cache | squid | 3.2.0.18 | |
| squid-cache | squid | 3.2.0.19 | |
| squid-cache | squid | 3.2.1 | |
| squid-cache | squid | 3.2.2 | |
| squid-cache | squid | 3.2.3 | |
| squid-cache | squid | 3.2.4 | |
| squid-cache | squid | 3.2.5 | |
| squid-cache | squid | 3.2.6 | |
| squid-cache | squid | 3.2.7 | |
| squid-cache | squid | 3.2.8 | |
| squid-cache | squid | 3.3.0 | |
| squid-cache | squid | 3.3.0.2 | |
| squid-cache | squid | 3.3.0.3 | |
| squid-cache | squid | 3.3.1 | |
| squid-cache | squid | 3.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a \",\" character in an Accept-Language header."
},
{
"lang": "es",
"value": "La funci\u00f3n strHdrAcptLangGetItem en errorpage.cc de Squid 3.2.x (anteriores a 3.2.9) y 3.3.x (anteriores a 3.3.3) permite a un atacante remoto causar una denegaci\u00f3n de servicio (bucle infinito y consumo de CPU) a trav\u00e9s de un caracter \",\" en la cabecera Accept-Language."
}
],
"id": "CVE-2013-1839",
"lastModified": "2024-11-21T01:50:29.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-09-30T22:55:04.633",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html"
},
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52588"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/03/11/7"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58316"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/52588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/03/11/7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2013_1.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-28 20:59
Modified
2024-11-21 02:32
Severity ?
Summary
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 22 | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D573DBDF-0CB4-438C-B0B0-11DFD3D8DF7A",
"versionEndIncluding": "3.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request."
},
{
"lang": "es",
"value": "Vulnerabilidad en Squid en versiones anteriores a 3.5.6, no maneja adecuadamente las respuestas de pares del m\u00e9todo CONNECT cuando se configura con cache_peer, lo que permite a atacantes remotos eludir las restricciones previstas y obtener acceso a un proxy backend a trav\u00e9s de una solicitud CONNECT."
}
],
"id": "CVE-2015-5400",
"lastModified": "2024-11-21T02:32:56.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-28T20:59:03.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2015/dsa-3327"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/07/06/8"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/07/09/12"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/17/14"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75553"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1032873"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183598.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2015/dsa-3327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/06/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/09/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/07/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.openwall.com/lists/oss-security/2015/07/17/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032873"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2015_2.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10494.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-15 17:15
Modified
2024-11-21 04:23
Severity ?
Summary
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| debian | debian_linux | 10.0 | |
| fedoraproject | fedora | 29 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61861774-A71F-48CB-B6B2-0489C57E4E66",
"versionEndIncluding": "4.7",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it."
},
{
"lang": "es",
"value": "Debido a una terminaci\u00f3n de cadena incorrecta, el archivo cachemgr.cgi de Squid versiones 4.0 hasta 4.7 puede acceder a la memoria no asignada. En sistemas con protecciones de acceso a memoria, esto puede causar que el proceso CGI finalice inesperadamente, resultando en una denegaci\u00f3n de servicio para todos los clientes que lo usan."
}
],
"id": "CVE-2019-12854",
"lastModified": "2024-11-21T04:23:43.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-15T17:15:12.753",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4937"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugs.squid-cache.org/show_bug.cgi?id=4937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4213-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-14 18:15
Modified
2024-11-21 08:36
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | 2.6 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 | |
| squid-cache | squid | 2.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1137E216-6CAB-4EFD-9678-AF3BD48B1FA5",
"versionEndIncluding": "5.9",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CBB040-FF79-4CD5-B749-A50ADAD82571",
"versionEndIncluding": "6.5",
"versionStartIncluding": "6.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3AE100C3-0245-4305-B514-77D0572C2947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:-:*:*:*:*:*:*",
"matchCriteriaId": "A4E50120-7298-4BC5-AC36-708EFCCFA1F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable1:*:*:*:*:*:*",
"matchCriteriaId": "01930746-6E15-445F-BD30-C4E83FA9AE25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*",
"matchCriteriaId": "EFBB466C-C679-4B4B-87C2-E7853E5B3F04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*",
"matchCriteriaId": "A03692DD-779F-4E3C-861C-29943870A816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*",
"matchCriteriaId": "79FF6B3C-A3CE-4AA2-80F9-44D05A6B2F08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*",
"matchCriteriaId": "3CF6E367-D33B-4B60-8C40-4618C47D53E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*",
"matchCriteriaId": "0FA1F4FE-629C-4489-A13C-017A824C840F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*",
"matchCriteriaId": "2479C5BF-94E1-4153-9FA3-333BC00F01D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*",
"matchCriteriaId": "8ABFCCCC-7584-466E-97CC-6EBD3934A70E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*",
"matchCriteriaId": "F17E49BF-FB11-4EE6-B6AC-30914F381B2F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web. Debido a un error de recursi\u00f3n no controlada en las versiones 2.6 a 2.7.STABLE9, versiones 3.1 a 5.9 y versiones 6.0.1 a 6.5, Squid puede ser vulnerable a un ataque de denegaci\u00f3n de servicio contra el an\u00e1lisis de solicitudes HTTP. Este problema permite que un cliente remoto realice un ataque de denegaci\u00f3n de servicio enviando un encabezado X-Forwarded-For grande cuando la funci\u00f3n follow_x_forwarded_for est\u00e1 configurada. Este error se solucion\u00f3 con la versi\u00f3n 6.6 de Squid. Adem\u00e1s, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid."
}
],
"id": "CVE-2023-50269",
"lastModified": "2024-11-21T08:36:47.383",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-14T18:15:45.070",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20240119-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240119-0005/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-674"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-04 20:15
Modified
2024-11-21 05:38
Severity ?
Summary
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| opensuse | leap | 15.1 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB84835-9A10-4970-8A4B-6467A2BD4FCB",
"versionEndExcluding": "4.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 4.10. Debido a una comprobaci\u00f3n de entrada incorrecta, puede interpretar las peticiones HTTP dise\u00f1adas de manera no prevista para acceder a recursos del servidor prohibidos por parte de los filtros de seguridad anteriores."
}
],
"id": "CVE-2020-8449",
"lastModified": "2024-11-21T05:38:52.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-04T20:15:14.697",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-8e657e835965c3a011375feaa0359921c5b3e2dd.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-d8e4715992d0e530871519549add5519cbac0598.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G6W2IQ7QV2OGREFFUBNVZIDD3RJBDE4R/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSU6SPANL27AGK5PCGBJOKG4LUWA555J/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202003-34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4289-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-09-06 15:55
Modified
2024-11-21 01:29
Severity ?
Summary
Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la v3.0 anterior a v3.0.STABLE26, v3.1 anterior a v3.1.15, y v3.2 anterior a v3.2.0.11 permite a servidores remotos Gopher provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y reinicio del demonio) o posiblemente tener un impacto no especificado a trav\u00e9s de una respuesta demasiado larga. NOTA: Este problema existe debido a una regresi\u00f3n de CVE-2005-0094."
}
],
"id": "CVE-2011-3205",
"lastModified": "2024-11-21T01:29:58.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-06T15:55:08.383",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/08/29/2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/08/30/4"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/08/30/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45805"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/45906"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/45920"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/45965"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/46029"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1025981"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2011/dsa-2304"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/74847"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1293.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/49356"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/08/29/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/08/30/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/08/30/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/45965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/46029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1025981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2011/dsa-2304"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/74847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1293.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Advisories/SQUID-2011_3.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v2/2.HEAD/changesets/12710.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.0/changesets/squid-3.0-9193.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10363.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11294.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734583"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-15 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF78DA3-A197-41B0-B5CB-E89457D37375",
"versionEndIncluding": "4.10",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "306640BC-6B06-4BEE-BB6E-B7B3A4613DDC",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it\u0027s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won\u0027t overflow."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones hasta 4.7. Cuando se maneja la etiqueta esi:when cuando ESI est\u00e1 habilitado, Squid llama a la funci\u00f3n ESIExpression::Evaluate. Esta funci\u00f3n usa un b\u00fafer de pila fijado para contener la expresi\u00f3n mientras se est\u00e1 evaluando. Cuando de procesa la expresi\u00f3n, podr\u00eda evaluar la parte superior de la pila o agregar un nuevo miembro en la pila. Cuando se agrega un nuevo miembro, no se realiza ninguna comprobaci\u00f3n para asegurar que la pila no se desborde."
}
],
"id": "CVE-2019-12519",
"lastModified": "2024-11-21T04:23:01.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-15T20:15:13.473",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-23 15:15
Modified
2024-11-21 04:58
Severity ?
Summary
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | leap | 15.1 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| canonical | ubuntu_linux | 20.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC9F2659-B37B-4E7B-AE40-B91BF3CE4E88",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEA4C698-1DD0-4229-A80A-2437D56AA38D",
"versionEndExcluding": "4.11",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "665C9300-5D66-4653-84CB-F3C3500F9BBF",
"versionEndExcluding": "5.0.2",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials)."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones anteriores a 5.0.2. Un atacante remoto puede reproducir un nonce Digest Autenticaci\u00f3n rastreado para conseguir acceso a recursos que de otra manera est\u00e1n restringidos. Esto ocurre porque el atacante puede desbordar el contador de referencia nonce (un entero corto). Una ejecuci\u00f3n de c\u00f3digo remota puede presentarse si las credenciales de token agrupadas son liberadas (en lugar de reproducirse como credenciales validas)."
}
],
"id": "CVE-2020-11945",
"lastModified": "2024-11-21T04:58:57.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-23T15:15:14.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/585"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0004/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-01-27 17:59
Modified
2024-11-21 02:43
Severity ?
Summary
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "FE91484C-3E8A-449C-A95D-DFA088D8D1B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B421E821-CB87-4B65-AD64-102C3628DBF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "76245991-1D91-4475-87E1-FBB77A1B3CDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7DA3A67C-A764-4D7B-B795-7E6B05879E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5332A8F5-8F97-465B-AF24-2FEF0B055006",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6567D19B-DF18-4C52-984A-591524A83AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "06832CD3-C761-4941-AFAB-822477C568F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3441D193-DA62-4AC1-8E50-3AEEF8C659F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9E155-FC6F-46E7-8BF7-65DF097409D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3F10F-938E-44D6-845D-B66EF9812C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D82EEE-F65E-4657-B0F7-6CE33D219134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E6A845-B67C-4112-8240-9F61D6AF3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEDD7E3-E263-4A09-9C11-3E008E01BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "80E3FF16-A6CD-456C-B58A-381A75D8616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87D02AB2-AA26-4416-B689-02C5EEF2099C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A134E1F1-AFCC-498B-8840-5884CF858769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F4E7D0-B6F4-476E-A011-55619E91A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95588755-27E8-4DB7-B865-A784D3638FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F90E11F-FC03-46D9-A9C4-A578196D59D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0BDDAD-2912-480F-8911-8FF94E1A7415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "275C4ED9-0C69-4CFD-9C1D-D734731DD940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "647A80E8-9AA4-41B4-B2F2-9D07D839DFEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3EDC70-9DE3-454E-A90D-7D4A4C082517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8E397BA5-4FA4-402F-BFCC-9077ED93C438",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "4649C5C3-7371-4B92-9E06-73AE4CF39685",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEE374C-365E-49DE-A9F9-6083044C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B2A8E-DD81-43CD-9F5B-E8F87498E513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "179ACC3B-D8C8-4CE2-964F-CBF29BBB066A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "252E5ABE-5113-4987-931E-16B69C4CE424",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9285C454-7F60-4AEA-A134-124C1E0745FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "2F753944-8EC0-4CE5-98E5-71798F9EC663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BD3131-D4F3-4B29-9408-754B6190DAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F00481A-5E3B-45A1-A2A5-56E63F91C834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "217AB656-D70C-4009-8797-C58002FDB6C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information."
},
{
"lang": "es",
"value": "Procesamiento incorrecto de respuestas a peticiones condicionales If-None-Modified HTTP en Squid HTTP Proxy 3.1.10 hasta la versi\u00f3n 3.1.23, 3.2.0.3 hasta la versi\u00f3n 3.5.22 y 4.0.1 hasta la versi\u00f3n 4.0.16 conduce a que datos Cookie de un cliente espec\u00edfico sean filtrados a otros clientes. Peticiones de ataque pueden ser f\u00e1cilmente manipuladas por un cliente para probar una memoria cach\u00e9 para esta informaci\u00f3n."
}
],
"id": "CVE-2016-10002",
"lastModified": "2024-11-21T02:43:04.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-01-27T17:59:00.133",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0182.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0183.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3745"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94953"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037513"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0182.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0183.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2016/dsa-3745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/18/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_11.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-11-17 19:55
Modified
2024-11-21 01:31
Severity ?
Summary
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "890BD4A7-0680-4BEF-ABA3-FE02FBB05B07",
"versionEndIncluding": "3.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre1:*:*:*:*:*",
"matchCriteriaId": "CF9C0078-D06B-4174-AF2C-599638E5B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre2:*:*:*:*:*",
"matchCriteriaId": "F1DD47BA-EA59-4DCC-BFF3-2DF0BC332CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre3:*:*:*:*:*",
"matchCriteriaId": "2BC1746D-BE02-4D04-B31D-95589EBD4C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre4:*:*:*:*:*",
"matchCriteriaId": "62C35710-215C-4B80-9304-665451F3C0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre5:*:*:*:*:*",
"matchCriteriaId": "76A7416C-64B2-4F52-93FD-9C504B7D4F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre6:*:*:*:*:*",
"matchCriteriaId": "17D51261-2071-4E8F-AD75-2ECCBE7F7C04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:pre7:*:*:*:*:*",
"matchCriteriaId": "ACD9E084-007E-4C6A-8D30-2DC9B355D7B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable1:*:*:*:*:*",
"matchCriteriaId": "95912E0D-FACF-459B-94FB-334FDBCC292B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable10:*:*:*:*:*",
"matchCriteriaId": "2C455506-7FBF-4F0E-92E7-F074B74C10D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable11:*:*:*:*:*",
"matchCriteriaId": "67288E3E-88BF-44CE-84EF-1BF98E8C38CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable12:*:*:*:*:*",
"matchCriteriaId": "B428BDA9-8C83-4DE3-9391-17AFD5D750BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable13:*:*:*:*:*",
"matchCriteriaId": "DC57EAB8-BFEF-4FE2-8ADB-D196EAE3E51D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable14:*:*:*:*:*",
"matchCriteriaId": "935F2BDE-7F76-4E13-8318-37CE97B7948F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable15:*:*:*:*:*",
"matchCriteriaId": "354599A2-5FCF-4F5A-85AE-00505D32B9BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable2:*:*:*:*:*",
"matchCriteriaId": "1F1BC7B9-9CD1-42E9-84BB-BEE3668BAAA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable3:*:*:*:*:*",
"matchCriteriaId": "88E3716B-863A-40D4-A7D9-F2A288B87394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable4:*:*:*:*:*",
"matchCriteriaId": "02FB3C5B-95F1-4839-8F68-649AFA2FEB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable5:*:*:*:*:*",
"matchCriteriaId": "631CBA69-B2A1-4522-A330-6A87CCBC682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable6:*:*:*:*:*",
"matchCriteriaId": "0FE7885D-D1EB-4543-B342-80BC645EE8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable7:*:*:*:*:*",
"matchCriteriaId": "B7C4AE0E-9608-4D24-8EA3-0F33A5D95A5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable8:*:*:*:*:*",
"matchCriteriaId": "628344A8-42AE-4AD7-89A2-66711490AB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:stable9:*:*:*:*:*",
"matchCriteriaId": "3260A290-9F63-4E5C-BEF2-015E9491AD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc1:stable11:*:*:*:*:*",
"matchCriteriaId": "4F830353-C4E4-4DAF-B7ED-1B0BAE9F3253",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "131C4C00-3811-42BF-A84A-EB2E5DA156B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "047EDDD6-02F5-4B53-8FCA-781962392080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*",
"matchCriteriaId": "01AD43AB-40BF-449F-A121-A8587E7AE449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*",
"matchCriteriaId": "3942285D-E20C-45C5-9EF8-821F6D782CB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*",
"matchCriteriaId": "B3FDB45B-4D91-4427-9565-812919086E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*",
"matchCriteriaId": "86C3C8B5-C2A3-4454-9F89-38A860278366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*",
"matchCriteriaId": "8B37B7B4-2EAC-4C2A-9526-5C62CBA1DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*",
"matchCriteriaId": "056EDEEE-A09C-47A2-9217-72E4B8387E00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*",
"matchCriteriaId": "2593CB12-03E2-4F98-9B89-C09D5EADE077",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*",
"matchCriteriaId": "A44B7A4F-3070-4092-B9AF-3A1CD0897CC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79D9A9-9C11-4E6D-81D1-32CA8CA95223",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*",
"matchCriteriaId": "042FE60B-7239-45C7-8EE3-A036AC7778F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FF5EE89A-720F-456A-BD26-FE46BBA29D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF61A74-9CF9-413E-B997-4FAE5BA28939",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*",
"matchCriteriaId": "5605B00F-438B-45CC-A55D-E75E57BC4684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*",
"matchCriteriaId": "8316B22E-B016-4F0E-9A3F-383E9B1A85A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*",
"matchCriteriaId": "49A2C5CB-E2F1-4A72-9EA3-912050AFEF7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*",
"matchCriteriaId": "574C7DCC-B6E5-42A0-AA44-A0BCD67D1884",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4D0DAD04-02C4-4FC4-BE08-3CAA3B85EB0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B1F1A5-B435-4A5C-86DF-EC3F29D94417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*",
"matchCriteriaId": "113EF7A6-3B8D-4A50-8873-FD36FCBF284C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*",
"matchCriteriaId": "DC97E2DA-7378-486B-9178-3B38FF58589B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*",
"matchCriteriaId": "1F178890-2F7E-43F5-8D6D-5EFCD790E758",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*",
"matchCriteriaId": "9FA231EB-0F06-4D13-B50D-76FC8393187A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*",
"matchCriteriaId": "31AB1D33-65EE-46DF-9D29-6B2BFACE7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*",
"matchCriteriaId": "BDA4744F-5FB2-4DF8-A7B9-A33EAB004CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*",
"matchCriteriaId": "72023FB9-F081-4F0A-9E81-2AF0470EB278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*",
"matchCriteriaId": "2F7D973B-9D57-4F74-89B1-A18CDA388EF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record."
},
{
"lang": "es",
"value": "La funci\u00f3n idnsGrokReply en Squid anterior a v3.1.16 no adecuada de memoria libre, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (daemon abortar) a trav\u00e9s de una respuesta DNS que contiene un registro CNAME que hace referencia a otro registro CNAME y este contiene un registro vac\u00edo."
}
],
"id": "CVE-2011-4096",
"lastModified": "2024-11-21T01:31:50.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-17T19:55:01.453",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46609"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/47459"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/10/31/5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2011/11/01/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1791.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1026265"
},
{
"source": "secalert@redhat.com",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=3237#c12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/47459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:193"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/10/31/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/11/01/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1791.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1026265"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID_3_1_16.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2024-11-21 02:52
Severity ?
Summary
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B9F669-6217-498A-902E-22EDEEFC565E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8586AD-E820-4BAE-AAF9-AC7EF2316C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "802E3D2B-90B7-4725-854F-4174116BC314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7501697A-BCFD-4DC3-8D87-CC9A186D9589",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6C4455-85F4-462D-9FF6-F830ED7D398E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B600BF4C-8169-4086-BFE6-F066BE5F5406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46272D1B-1468-48C0-B37A-7D06FAC39C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DA782B4B-486F-4197-BD5D-ABF791D57211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "558D8641-E097-4D91-9B6E-07433844BB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B46F5F1-38FC-4E25-8F04-CA2730561DF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C69B0A4D-9619-4BEA-A846-C4438C2660F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "ED17FE35-6B2C-41BF-A7C7-2EECBDB5A934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78A50750-3A31-482C-B95C-019C8934850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF6AC30-9570-4D4B-835E-CCADEB546F46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB84E4E-6A0A-41C8-9DDF-3C18F526F155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2E49E5C3-D01F-4DBC-B33A-5495D3EC44F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "79C53B22-9F33-43E7-8D1F-EEB0DEF4B503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "25B60DB2-F50C-42F0-B6C9-B25C34B8F578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DE973F9E-8387-464F-AFA0-25215B340173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "03D3F0E3-0C50-4A86-87F4-90FC82B312F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE26BEC0-B9C7-43F0-B0FB-E81870170B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0778579-A193-4C61-BB1A-6D2E733F3958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9ED5DC63-6E9D-4068-95DF-AF8FD9A0A7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE890F9-12C0-4D66-B6C1-6A5A87FAD5F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB414FE3-3567-474B-B5A7-D3EF5DD63AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF450F17-12A2-4E33-875A-5F3C2CA4A5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E3AB229E-2C32-410B-BFE2-62DCA734C3F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "78A6D6B0-9BC0-418E-84EE-23697A0FEC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF7AFE1-A45A-43B7-B3C7-45C060D046BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "41914354-D5BE-4B1F-BED3-0ECA43586537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9A3716-8670-4847-A6EB-F601184D369E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B218819-0975-4E1F-8F6C-D666655937B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "594A05FF-E5D2-4132-BF03-44D6866D8133",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B22C192-02F2-4AD4-A305-BADCC09E8075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "679A55F8-34B4-435A-8BCE-8F842F3FB269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "898674F9-6BF7-469F-A74E-558EAFC2CD27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "3F50E718-1CF2-4C8F-A1EA-5F769B203B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "290D66F4-D27F-4E86-AC95-05082F3C2E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBA9A61-2B05-4527-A49D-425AD5FD863B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "E893D7A8-9C39-438C-8EF2-9573EEDC884A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0B707451-BF0E-4F79-A348-B1141ABA6EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "810AAA9D-F4B2-4F0A-89DD-2D9378516481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "516F3F77-3AEA-489D-A36F-C502B4D9BF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFAB3BA-BBE9-4CFB-BE6B-BDF3E7772E7F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F523B8-463E-4FB0-ACB6-E36AAAF85CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA593D9-907D-4051-A3F2-0F88F01A7C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "20D2B364-B98A-4484-A10A-86AF43774096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7BF076-0D43-407A-86DC-D1163922A787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AA576F49-A7F5-4013-89DF-F6C91C15B547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3F52FE-FFB3-4221-8DC7-3F5680A07429",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "604FEF42-ABA7-42C1-8A5F-C3AECFD68481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2568C1-89CB-41C1-9126-A8665614D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C18B5392-3FDB-49E6-89DB-7945D337FBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFF9D8B-343B-415D-8AF8-B07AF94CC48B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "16F5794B-BBFB-4B12-9A0B-88A0334681C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0083E-8D50-4DC6-979F-685D5CB588AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "138FAD73-1D25-4F46-B9EA-599FF0EDA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "643E8B9B-C3F4-4171-BF67-D9359BDCE5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "A73CBC60-1EF1-4730-9350-EB51F269695B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2721E403-A553-492F-897F-1CD1E2685139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "85B091C4-8104-4A1E-A09D-EBCD114DC829",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4B8448-49FA-491C-A6A2-040233D670B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11480BB1-874C-48EB-BB03-081313310608",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B739890-99E8-434C-97D4-3739E6C31838",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0C7B1871-3C85-4B88-AB42-E60BF5CDFB04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0A71DCD2-0E54-46A7-8309-CDB0736AD5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CD54BDDF-F7A8-4715-BA0E-4E7F741492FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2B9699-6622-4883-BA03-E3374C54871A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "78391DAF-2096-4DC4-80E4-D4D2859DCA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9B062A06-31C1-4B23-B7BD-9F751ABD6A37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DE426934-A9E2-4019-99EA-5A76EA7CDF5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "728DD64E-C267-475A-BEA8-C139581DD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7A83183-74B1-4041-A961-D9F382AAC7E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4845D4-40D9-431E-A63C-E949B9D9F959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF070E6-0B73-4F6D-8932-B284697FCD2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E07992B-92B4-4307-8DBD-085376C1D6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "386550A3-A55B-4F24-9625-6A50260ADA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "810D1F9E-81E5-45F0-B62B-AB0A797FF8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4673327A-1E50-47CC-AD83-6A3D2E687292",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6624AF2D-9EF0-4597-B8B2-20D7A309EA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E9F75D13-ED59-42A9-A662-AC77DBA20903",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2DEDED-818C-42E4-821C-954CE7406DA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EEED0A2E-AA5D-4835-A7C6-499325A0EB32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BEDD0AF5-8252-4548-941B-26581393E918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3E939AD4-B8F3-4BC0-9948-3C92B88D2593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "73CAD438-969B-4D2E-8A2F-9264AFAD9DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "87259A2E-E132-45BA-8AC4-8CC50B1F659A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "76245991-1D91-4475-87E1-FBB77A1B3CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD85E57-9A51-42DF-8BF7-E5701BAA64AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E983C5C3-C93C-4750-8DC5-31D6206335A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03B2A6E-1D63-42F2-BB31-18EC120B6543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC83C4B-7C06-40D7-9EF6-76E752E5724B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C1E1CC9-81A7-47D5-87AC-86703E257D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D716D8C4-2089-4E61-9487-B2085B74B5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BBC5AAD-34E1-48A5-972A-A09D66EFE825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79E26DC8-1030-4F3F-96B9-6BF159D86FCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40507A48-FD3B-4309-B017-A1644C5C3520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7A52E699-6C08-4324-AD38-E8D40A02701F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "94C493CA-CBF0-4D15-8D1A-0E972E31F7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C398219E-503D-4DE5-85E8-5570536D6FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "BBF91088-0BD3-48EB-8D19-C05F156D4A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "3441D193-DA62-4AC1-8E50-3AEEF8C659F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0868B12-EDF9-42D9-BB43-15F623A3310B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F710949D-F0FE-43F4-ADB3-6EB679A70280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB75144-2437-40A8-8CA3-A487B603F7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2CB3-BE78-4818-A6D7-847A1ACE74DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "705D8320-A278-483A-AE47-802044CE685E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "715634E1-F7BE-4106-BDA7-B7D147EEA800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "21E9E155-FC6F-46E7-8BF7-65DF097409D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "26A3F10F-938E-44D6-845D-B66EF9812C21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D82EEE-F65E-4657-B0F7-6CE33D219134",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E6A845-B67C-4112-8240-9F61D6AF3B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4BEDD7E3-E263-4A09-9C11-3E008E01BC28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "80E3FF16-A6CD-456C-B58A-381A75D8616C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87D02AB2-AA26-4416-B689-02C5EEF2099C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A134E1F1-AFCC-498B-8840-5884CF858769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F4E7D0-B6F4-476E-A011-55619E91A3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "95588755-27E8-4DB7-B865-A784D3638FE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "0F90E11F-FC03-46D9-A9C4-A578196D59D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:3.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0BDDAD-2912-480F-8911-8FF94E1A7415",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEE374C-365E-49DE-A9F9-6083044C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B2A8E-DD81-43CD-9F5B-E8F87498E513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7A498A-A669-4C42-8134-86103C799D13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response."
},
{
"lang": "es",
"value": "Vulnerabilidad de liberaci\u00f3n doble de memoria en Esi.cc en Squid 3.x en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 permite a servidores remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una respuesta Edge Side Includes (ESI) manipulada."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/415.html\"\u003eCWE-415: Double Free\u003c/a\u003e",
"id": "CVE-2016-4556",
"lastModified": "2024-11-21T02:52:28.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-10T19:59:03.387",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035770"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/06/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_9.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1138"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-04 23:15
Modified
2024-11-21 08:33
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64A6EFAB-804C-4B6B-B609-2F5A797EACB0",
"versionEndIncluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web que admite HTTP, HTTPS, FTP y m\u00e1s. Debido a un error de verificaci\u00f3n incorrecta del valor de retorno de la funci\u00f3n, Squid es vulnerable a un ataque de denegaci\u00f3n de servicio contra su gesti\u00f3n de procesos auxiliares. Este error se solucion\u00f3 con la versi\u00f3n 6.5 de Squid. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"id": "CVE-2023-49286",
"lastModified": "2024-11-21T08:33:11.347",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-04T23:15:27.243",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20240119-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240119-0004/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-253"
},
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-617"
},
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-05-10 19:59
Modified
2024-11-21 02:52
Severity ?
Summary
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 | |
| squid-cache | squid | * | |
| squid-cache | squid | 4.0.1 | |
| squid-cache | squid | 4.0.2 | |
| squid-cache | squid | 4.0.3 | |
| squid-cache | squid | 4.0.4 | |
| squid-cache | squid | 4.0.5 | |
| squid-cache | squid | 4.0.6 | |
| squid-cache | squid | 4.0.7 | |
| squid-cache | squid | 4.0.8 | |
| squid-cache | squid | 4.0.9 | |
| oracle | linux | 7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C563F5CC-F4FB-4440-981E-EA2C003A639C",
"versionEndIncluding": "3.5.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "060FCBEA-DEAA-42FB-88C9-4B78136B172F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74987102-8CA8-4120-B686-F18579A96A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA7828AA-48B6-44CD-8507-345A4F0A25BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6640F25F-CC8B-4B05-A97A-2186BD0B5ED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A037F780-6FC9-4130-908F-B5434FA0C7DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDEB455-F082-44E4-8CEA-019C0084BF05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49555803-288E-4B0A-B12A-890E5E0AD05F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EBEE374C-365E-49DE-A9F9-6083044C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B2A8E-DD81-43CD-9F5B-E8F87498E513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*",
"matchCriteriaId": "104DA87B-DEE4-4262-AE50-8E6BC43B228B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request."
},
{
"lang": "es",
"value": "client_side.cc en Squid en versiones anteriores a 3.5.18 y 4.x en versiones anteriores a 4.0.10 no ignora correctamente la cabecera Host cuando se proporciona una URI absoluta, lo que permite a atacantes remotos llevar a cabo ataques de envenenamiento de cach\u00e9 a trav\u00e9s de una petici\u00f3n HTTP."
}
],
"id": "CVE-2016-4553",
"lastModified": "2024-11-21T02:52:27.950",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-10T19:59:00.137",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4501"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035768"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201607-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.squid-cache.org/show_bug.cgi?id=4501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00069.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securitytracker.com/id/1035768"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2016_7.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-2995-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:1140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201607-01"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-09 11:29
Modified
2024-11-21 03:57
Severity ?
Summary
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.squid-cache.org/Advisories/SQUID-2018_4.txt | Mitigation, Vendor Advisory | |
| cve@mitre.org | http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch | Patch, Vendor Advisory | |
| cve@mitre.org | https://github.com/squid-cache/squid/pull/306 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Advisories/SQUID-2018_4.txt | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/squid-cache/squid/pull/306 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA0D3B55-6D37-49A2-93E4-9E227195CBE8",
"versionEndExcluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors."
},
{
"lang": "es",
"value": "Squid en versiones anteriores a la 4.4 tiene Cross-Site Scripting (XSS) mediante un certificado X.509 manipulado durante la generaci\u00f3n de la p\u00e1gina de error HTTP(S) para los errores de certificado."
}
],
"id": "CVE-2018-19131",
"lastModified": "2024-11-21T03:57:23.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-09T11:29:03.877",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_4.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/squid-5-6feeb15ff312f3e145763adf8d234ed6a0b3f11d.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/pull/306"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-11 19:15
Modified
2024-11-21 04:23
Severity ?
Summary
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| squid-cache | squid | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| opensuse | leap | 15.0 | |
| opensuse | leap | 15.1 | |
| fedoraproject | fedora | 29 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C22F49A6-5B88-473B-8E37-BF77C57D85EB",
"versionEndIncluding": "3.5.28",
"versionStartIncluding": "3.3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61861774-A71F-48CB-B6B2-0489C57E4E66",
"versionEndIncluding": "4.7",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
"matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token\u0027s value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Squid versiones 3.3.9 hasta 3.5.28 y versiones 4.x hasta 4.7. Cuando Squid est\u00e1 configurado para utilizar la autenticaci\u00f3n impl\u00edcita, analiza el encabezado Proxy-Authorization. Busca ciertos tokens como domain, uri y qop. Squid comprueba si el valor de este token comienza con una comilla y termina con uno. Si es as\u00ed, realiza un memcpy de su longitud menos 2. Squid nunca comprueba si el valor es s\u00f3lo una sola comilla (lo que satisfar\u00eda sus requisitos), lo que conlleva a un memcpy de su longitud menos 1."
}
],
"id": "CVE-2019-12525",
"lastModified": "2024-11-21T04:23:02.257",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-11T19:15:13.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/commits/v4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://seclists.org/bugtraq/2019/Aug/42"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4065-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4507"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-12-25 19:15
Modified
2024-11-21 07:23
Severity ?
Summary
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch | Patch, Third Party Advisory | |
| cve@mitre.org | http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78 | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.openwall.com/lists/oss-security/2022/09/23/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2022/09/23/2 | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88C8B57A-A610-45EE-ABDF-E6D96B2687E3",
"versionEndExcluding": "5.7",
"versionStartIncluding": "2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una lectura excesiva del b\u00fafer en libntlmauth en Squid 2.5 a 5.6. Debido a una protecci\u00f3n incorrecta contra el desbordamiento de enteros, los asistentes de autenticaci\u00f3n SSPI y SMB son vulnerables a la lectura de ubicaciones de memoria no deseadas. En algunas configuraciones, las credenciales en texto sin cifrar de estas ubicaciones se env\u00edan a un cliente. Esto se solucion\u00f3 en 5.7."
}
],
"id": "CVE-2022-41318",
"lastModified": "2024-11-21T07:23:02.240",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-25T19:15:10.820",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/09/23/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-394c-rr7q-6g78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2022/09/23/2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}