
Squid-Cache Squid vulnerabilities

109 known vulnerabilities affecting squid-cache/squid.

Total CVEs: 109
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 51, MEDIUM 49, LOW 2

Vulnerabilities

Page 2 of 6
CVE-2021-33620 | P3 | MEDIUM | CVSS 6.5 | fixed in 4.15 | ≥ 5.0, < 5.0.6 | 2021-05-28
CVE-2021-33620 [MEDIUM] CWE-20: Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.
Source: nvd

CVE-2024-23638 | P3 | MEDIUM | CVSS 6.5 | ≥ 5.0, ≤ 5.9 | ≥ 6.0, < 6.6 | +1 more | 2024-01-24
CVE-2024-23638 [MEDIUM] CWE-825: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tes
Source: nvd

CVE-2019-12524 | P2 | CRITICAL | CVSS 9.8 | ≤ 4.7 | 2020-04-15
CVE-2019-12524 [CRITICAL] CWE-306: An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be denied. Squid by default comes with rules to block access to the Cache Manager, which serves detailed server information meant for the maintainer. This rule is implemented via url_regex. The handler for url_regex
Source: nvd

CVE-2016-4051 | P3 | HIGH | CVSS 8.8 | v2.0, v2.1, +146 more | 2016-04-25
CVE-2016-4051 [HIGH] CWE-119: Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
Source: nvd

CVE-2016-4555 | P3 | HIGH | CVSS 7.5 | v3.0, v3.1, +140 more | 2016-05-10
CVE-2016-4555 [HIGH] CWE-20: client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
Source: nvd

CVE-2021-28662 | P3 | MEDIUM | CVSS 6.5 | ≥ 4.0.1, < 4.15 | ≥ 5.0, < 5.0.6 | 2021-05-27
CVE-2021-28662 [MEDIUM] CWE-116: An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic.
Source: nvd

CVE-2019-12523 | P3 | CRITICAL | CVSS 9.1 | ≥ 3.0, ≤ 3.5.28 | ≥ 4.0, ≤ 4.8 | 2019-11-26
CVE-2019-12523 [CRITICAL]: An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only lis
Source: nvd

CVE-2014-7141 | P3 | MEDIUM | CVSS 6.4 | v3.1.1, v3.1.2, +78 more | 2014-11-26
CVE-2014-7141 [MEDIUM] CWE-19: The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.
Source: nvd

CVE-2013-4115 | P3 | HIGH | CVSS 7.5 | v3.2.0.2, v3.2.0.3, +15 more | 2013-08-09
CVE-2013-4115 [HIGH] CWE-119: Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
Source: nvd

CVE-2019-13345 | P3 | MEDIUM | CVSS 6.1 | ≤ 4.7 | 2019-07-05
CVE-2019-13345 [MEDIUM] CWE-79: The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_name or auth parameter.
Source: nvd

CVE-2020-25097 | P3 | HIGH | CVSS 8.6 | ≥ 2.0, < 4.14 | ≥ 5.0.1, < 5.0.5 | 2021-03-19
CVE-2020-25097 [HIGH] CWE-20: An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
Source: nvd

CVE-2016-4052 | P3 | HIGH | CVSS 8.1 | v3.0, v3.1, +138 more | 2016-04-25
CVE-2016-4052 [HIGH] CWE-119: Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
Source: nvd

CVE-2019-12519 | P3 | CRITICAL | CVSS 9.8 | ≥ 3.0, ≤ 3.5.28 | ≥ 4.0, ≤ 4.10 | +1 more | 2020-04-15
CVE-2019-12519 [CRITICAL] CWE-787: An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When addin
Source: nvd

CVE-2020-15049 | P3 | HIGH | CVSS 8.8 | ≥ 2.0, ≤ 2.6 | ≥ 3.1, ≤ 3.5.28 | +3 more | 2020-06-30
CVE-2020-15049 [HIGH] CWE-444: An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
Source: nvd

CVE-2015-5400 | P3 | MEDIUM | CVSS 6.8 | ≤ 3.5.2 | 2015-09-28
CVE-2015-5400 [MEDIUM] CWE-264: Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
Source: nvd

CVE-2016-2569 | P3 | HIGH | CVSS 7.5 | v3.0, v3.0.stable1, +131 more | 2016-02-27
CVE-2016-2569 [HIGH] CWE-20: Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
Source: nvd

CVE-2026-33526 | P3 | HIGH | CVSS 7.5 | fixed in 7.5 | 2026-03-26
CVE-2026-33526 [HIGH] CWE-416: Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that ex
Source: nvd

CVE-2016-3948 | P3 | HIGH | CVSS 7.5 | v3.0, v3.0.stable1, +146 more | 2016-04-07
CVE-2016-3948 [HIGH] CWE-119: Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
Source: nvd

CVE-2016-3947 | P3 | HIGH | CVSS 8.2 | ≤ 3.5.15 | v4.0.1, +6 more | 2016-04-07
CVE-2016-3947 [HIGH] CWE-119: Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.
Source: nvd

CVE-2014-6270 | P3 | MEDIUM | CVSS 6.8 | v2.4.stable1, v2.4.stable2, +168 more | 2014-09-12
CVE-2014-6270 [MEDIUM] CWE-119: Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
Source: nvd