Squid-Cache Squid vulnerabilities
109 known vulnerabilities affecting squid-cache/squid.

Total CVEs: 109 | CISA KEV: 0 | Public exploits: 4 | Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 51, MEDIUM 49, LOW 2

Vulnerabilities
Page 4 of 6
CVE-2011-3205 | P3 | MEDIUM | CVSS 6.8 | Affected: v3.0.stable1, v3.0.stable2, +67 more | Date: 2011-09-06
Description: Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists becau
Source: nvd
CVE-2023-46728 | P3 | HIGH | CVSS 7.5 | CWE-476 | Fixed in 6.0.1 | Date: 2023-11-06
Description: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher
Source: nvd
CVE-2023-5824 | P3 | HIGH | CVSS 7.5 | CWE-755 | Fixed in 6.4 | Date: 2023-11-03
Description: A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
Source: nvd
CVE-2023-46724 | P3 | HIGH | CVSS 7.5 | CWE-125 | Affected: ≥ 3.3.0.1, < 6.4 | Date: 2023-11-01
Description: Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by init
Source: nvd
CVE-2013-1839 | P3 | HIGH | CVSS 7.8 | CWE-20 | Affected: v3.2.0.1, v3.2.0.2, +30 more | Date: 2013-09-30
Description: The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
Source: nvd
CVE-2016-2570 | P3 | HIGH | CVSS 7.5 | CWE-20 | Affected: v3.0, v3.0.stable1, +131 more | Date: 2016-02-27
Description: The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.
Source: nvd
CVE-2020-15811 | P3 | MEDIUM | CVSS 6.5 | CWE-697 | Fixed in 4.13; affected: ≥ 5.0, < 5.0.4 | Date: 2020-09-02
Description: An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content
Source: nvd
CVE-2021-28651 | P3 | HIGH | CVSS 7.5 | CWE-401 | Affected: ≥ 2.0, < 4.15; ≥ 5.0, < 5.0.6 | Date: 2021-05-27
Description: An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.
Source: nvd
CVE-2020-24606 | P3 | HIGH | CVSS 7.5 | CWE-667 | Affected: ≥ 3.0, < 4.13; ≥ 5.0.1, < 5.0.4 | Date: 2020-08-24
Description: Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles
Source: nvd
CVE-2016-10003 | P3 | HIGH | CVSS 7.5 | CWE-697 | Affected: ≥ 3.5.0.1, < 3.5.23; ≥ 4.0.1, < 4.0.17 | Date: 2017-01-27
Description: Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
Source: nvd
CVE-2016-2572 | P3 | HIGH | CVSS 7.5 | CWE-20 | Affected: v4.0.1, v4.0.2, +4 more | Date: 2016-02-27
Description: http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
Source: nvd
CVE-2020-15810 | P3 | MEDIUM | CVSS 6.5 | CWE-444 | Fixed in 4.13; affected: ≥ 5.0, < 5.0.4 | Date: 2020-09-02
Description: An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the proxy cache and any downstream caches with content fr
Source: nvd
CVE-2019-18678 | P3 | MEDIUM | CVSS 5.3 | CWE-444 | Affected: ≥ 3.0, ≤ 3.5.28; ≥ 4.0, ≤ 4.8 | Date: 2019-11-26
Description: An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to
Source: nvd
CVE-2014-7142 | P3 | MEDIUM | CVSS 6.4 | CWE-20 | Affected: v3.1.1, v3.1.2, +78 more | Date: 2014-11-26
Description: The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.
Source: nvd
CVE-2019-12529 | P3 | MEDIUM | CVSS 5.9 | CWE-125 | Affected: ≥ 2.0, < 2.7; ≥ 3.0, ≤ 3.5.28; +2 more | Date: 2019-07-11
Description: An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decodin
Source: nvd
CVE-2016-2571 | P3 | HIGH | CVSS 7.5 | CWE-20 | Affected: v3.0, v3.0.stable1, +131 more | Date: 2016-02-27
Description: http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
Source: nvd
CVE-2021-28116 | P3 | MEDIUM | CVSS 5.3 | CWE-125 | Affected: ≤ 4.14; ≥ 5.0, ≤ 5.0.5 | Date: 2021-03-09
Description: Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.
Source: nvd
CVE-2014-0128 | P3 | MEDIUM | CVSS 5.0 | CWE-20 | Affected: v3.1, v3.1.0.1, +84 more | Date: 2014-04-14
Description: Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
Source: nvd
CVE-2018-1172 | P3 | MEDIUM | CVSS 5.9 | CWE-476 | Affected: v3.5.27 | Date: 2018-05-16
Description: This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attac
Source: nvd
CVE-2026-33515 | P3 | MEDIUM | CVSS 6.5 | CWE-125 | Fixed in 7.5 | Date: 2026-03-26
Description: Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is lim
Source: nvd