Product:

Squid

(Squid\-Cache)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 100
Date Id Summary Products Score Patch Annotated
2020-02-04 CVE-2020-8450 An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 7.3
2020-02-04 CVE-2019-12528 An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes. Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 7.5
2020-04-23 CVE-2020-11945 An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials). Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 9.8
2020-06-30 CVE-2020-15049 An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. Fedora, Squid 8.8
2020-06-30 CVE-2020-14058 An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string. Fedora, Cloud_manager, Squid 7.5
2020-08-24 CVE-2020-24606 Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 7.5
2020-09-02 CVE-2020-15810 An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content from an arbitrary source. When configured for relaxed header parsing (the default), Squid relays headers containing whitespace characters to... Ubuntu_linux, Debian_linux, Fedora, Leap, Squid 6.5
2021-03-09 CVE-2021-28116 Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. Debian_linux, Fedora, Squid 5.3
2021-03-19 CVE-2020-25097 An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. Debian_linux, Fedora, Cloud_manager, Squid 8.6
2021-05-27 CVE-2021-28651 An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. Debian_linux, Fedora, Cloud_manager, Squid 7.5