Debian Squid vulnerabilities

CVE-2023-46848 [HIGH] CVE-2023-46848: squid - Squid is vulnerable to Denial of Service, where a remote attacker can perform D... Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Scope: local bookworm: resolved (fixed in 5.7-2+deb12u1) bullseye: resolved forky: resolved (fixed in 6.5-1) sid: resolved (fixed in 6.5-1) trixie: resolved (fixed in 6.5-1)

CVE-2023-46847 [HIGH] CVE-2023-46847: squid - Squid is vulnerable to a Denial of Service, where a remote attacker can perform... Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Scope: local bookworm: resolved (fixed in 5.7-2+deb12u1) bullseye: resolved (fixed in 4.13-10+deb11u3) forky: resolved (fixed in 6.5-1) sid: resolved

CVE-2022-41318 [HIGH] CVE-2022-41318: squid - A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due t... A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7. Scope: local bookworm: resolved (fixed in 5

CVE-2022-41317 [MEDIUM] CVE-2022-41317: squid - An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to ... An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7. Scope: local bookworm: resolved (fixed in 5.7-1) bullseye: resolved (fixed in 4.13-10+deb11u2)

CVE-2021-41611 [HIGH] CVE-2021-41611: squid - An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating... An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services. Scop

CVE-2021-28651 [HIGH] CVE-2021-28651: squid - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buff... An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. Scope: local bookworm: resolved (fix

CVE-2021-31806 [MEDIUM] CVE-2021-31806: squid - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memo... An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. Scope: local bookworm: resolved (fixed in 4.13-10) bullseye: resolved (fixed in 4.13-10) forky: resolved (fixed in 4.13-10) sid: resolved (fixed in 4

CVE-2021-28662 [MEDIUM] CVE-2021-28662: squid - An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remo... An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic. Scope: local bookworm: resolved (fixed in 4.13-10) bullseye: resolved (fixed in 4.13-10) forky: resolved (fixed in 4.13-10) sid: resolved

CVE-2021-31807 [MEDIUM] CVE-2021-31807: squid - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer ov... An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. Scope: local bookworm: resolved (fixed in 4.13-10) bullseye: reso

CVE-2021-31808 [MEDIUM] CVE-2021-31808: squid - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an inp... An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. Scope: local bookworm: resolved (fixed in 4.13-10) bullseye: resolved (fixed in 4.13-10) forky: resolved (fixed in 4.13-10) sid:

CVE-2021-33620 [MEDIUM] CVE-2021-33620: squid - Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial o... Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. Scope: local bookworm: resolved (fixed in 4.13-10) bullseye: resolved (fixed in 4.13-10) forky:

CVE-2021-46784 [MEDIUM] CVE-2021-46784: squid - In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improp... In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. Scope: local bookworm: resolved (fixed in 5.6-1) bullseye: resolved (fixed in 4.13-10+deb11u1) forky: resolved (fixed in 5.6-1) sid: resolved (fixed in 5.6-1) trixie: resolved (fixed in 5.6-

CVE-2021-28652 [MEDIUM] CVE-2021-28652: squid - An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorr... An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API acc

CVE-2021-28116 [LOW] CVE-2021-28116: squid - Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows informa... Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. Scope: local bookworm: resolved (fixed in 5.2-1) bullseye: resolved (fixed in 4.13-10+deb11u1) forky: resolved (fixed in 5.2-1) sid: resolved

CVE-2020-11945 [CRITICAL] CVE-2020-11945: squid - An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sn... An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as val

CVE-2020-15049 [CRITICAL] CVE-2020-15049: squid - An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12... An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. Scope: local bookworm: resolv

CVE-2020-24606 [HIGH] CVE-2020-24606: squid - Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial o... Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. Scope: local

CVE-2020-8449 [HIGH] CVE-2020-8449: squid - An issue was discovered in Squid before 4.10. Due to incorrect input validation,... An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters. Scope: local bookworm: resolved (fixed in 4.10-1) bullseye: resolved (fixed in 4.10-1) forky: resolved (fixed in 4.10-1) sid: resolved (fixed in 4.10-1) trixie: resol

CVE-2020-8450 [HIGH] CVE-2020-8450: squid - An issue was discovered in Squid before 4.10. Due to incorrect buffer management... An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy. Scope: local bookworm: resolved (fixed in 4.10-1) bullseye: resolved (fixed in 4.10-1) forky: resolved (fixed in 4.10-1) sid: resolved (fixed in 4.10-1) trixie: resolved (fixed in 4.10-1)

CVE-2020-25097 [HIGH] CVE-2020-25097: squid - An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to impr... An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. Scope: local bookworm: resolved (fixed in 4.13-8) bullseye: resolved (fixed i