Debian Squid vulnerabilities

144 known vulnerabilities affecting debian/squid.

Total CVEs: 144
CISA KEV: 0
Public exploits: 9
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 39, MEDIUM 50, LOW 41

Vulnerabilities

Page 5 of 8
CVE-2016-2572 | LOW | CVSS 7.5 | 2016 | debian
[HIGH] squid: http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2016-4052 | LOW | CVSS 8.1 | 2016 | debian
[HIGH] squid: Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2016-4555 | LOW | CVSS 7.5 | 2016 | debian
[HIGH] squid: client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2016-2390 | LOW | CVSS 5.9 | fixed in squid 4.1-1 (bookworm) | 2016 | debian
[MEDIUM] squid: The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
Scope: local. bookworm: resolved (fixed in 4.1-1); bullseye: resolved (fixed
CVE-2015-5400 | MEDIUM | CVSS 6.8 | fixed in squid 4.1-1 (bookworm) | 2015 | debian
[MEDIUM] squid: Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Scope: local. bookworm: resolved (fixed in 4.1-1); bullseye: resolved (fixed in 4.1-1); forky: resolved (fixed in 4.1-1); sid: resolved (fixed in 4
CVE-2015-3455 | LOW | CVSS 2.6 | fixed in squid 4.1-1 (bookworm) | 2015 | debian
[LOW] squid: Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
Scope: local. bookworm: resolved (fixed in 4.1-1); bullseye: resolved (fi
CVE-2015-0881 | LOW | CVSS 4.3 | fixed in squid 4.1-1 (bookworm) | 2015 | debian
[MEDIUM] squid: CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
Scope: local. bookworm: resolved (fixed in 4.1-1); bullseye: resolved (fixed in 4.1-1); forky: resolved (fixed in 4.1-1); sid: resolved (fixed in 4.1-1); trixie: resolved (fixed in 4.1-1)
CVE-2014-7141 | MEDIUM | CVSS 6.4 | fixed in squid 4.1-1 (bookworm) | 2014 | debian
[MEDIUM] squid: The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
Scope: local. bookworm: resolved (fixed in 4.1-1); bullseye: resolved (fixed in 4.1-1); forky: resolved (fixed in 4.1-1); sid: resolved (fixed in 4.1-1); trixie: resol
CVE-2014-7142 | MEDIUM | CVSS 6.4 | fixed in squid 4.1-1 (bookworm) | 2014 | debian
[MEDIUM] squid: The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
Scope: local. bookworm: resolved (fixed in 4.1-1); bullseye: resolved (fixed in 4.1-1); forky: resolved (fixed in 4.1-1); sid: resolved (fixed in 4.1-1); trixie: resolved (fixed in 4.1-1)
CVE-2014-3609 | MEDIUM | CVSS 5.0 | fixed in squid 2.7.STABLE9-5 (bookworm) | 2014 | debian
[MEDIUM] squid: HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
Scope: local. bookworm: resolved (fixed in 2.7.STABLE9-5); bullseye: resolved (fixed in 2.7.STABLE9-5); forky: resolved (fixed in 2.7.STABLE9-5); sid: resolved (fixe
CVE-2014-6270 | LOW | CVSS 6.8 | fixed in squid 4.1-1 (bookworm) | 2014 | debian
[MEDIUM] squid: Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
Scope: local. bookworm: resolved (fixed in 4.1-1); bullseye: resolved (fixed in 4
CVE-2014-9749 | LOW | CVSS 4.0 | 2014 | debian
[MEDIUM] squid: Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2014-0128 | LOW | CVSS 5.0 | 2014 | debian
[MEDIUM] squid: Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2013-0189 | MEDIUM | CVSS 5.0 | fixed in squid 2.7.STABLE9-2 (bookworm) | 2013 | debian
[MEDIUM] squid: cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
Scope: local. bookworm: resolved (fixed in 2.7.STA
CVE-2013-4123 | LOW | CVSS 5.0 | PoC | 2013 | debian
[MEDIUM] squid: client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2013-4115 | LOW | CVSS 7.5 | 2013 | debian
[HIGH] squid: Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
Scope: local. bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
CVE-2012-5643 | MEDIUM | CVSS 5.0 | fixed in squid 2.7.STABLE9-2 (bookworm) | 2012 | debian
[MEDIUM] squid: Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
Scope: local. bookworm: resolved (fixed in 2.7.STAB
CVE-2011-3205 | LOW | CVSS 5.0 | 2011 | debian
[MEDIUM] squid: Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a C
CVE-2010-0308 | MEDIUM | CVSS 4.0 | fixed in squid 2.7.STABLE8-1 (bookworm) | 2010 | debian
[MEDIUM] squid: lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
Scope: local. bookworm: resolved (fixed in 2.7.STABLE8-1); bullseye: resolved (fixed in 2.7.STABLE8-1); forky: resolved (fixed in 2.7.STABLE8-1); sid: resolved (fixed i
CVE-2010-0639 | MEDIUM | CVSS 5.0 | fixed in squid 2.7.STABLE8-1 (bookworm) | 2010 | debian
[MEDIUM] squid: The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
Scope: local. bookworm: resolved (fixed in 2.7.STABLE8-1); bullseye: resolved (fixed in 2.7.