cvebase

Squid-Cache Squid vulnerabilities

109 known vulnerabilities affecting squid-cache/squid.

Total CVEs: 109
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 51, MEDIUM 49, LOW 2

Vulnerabilities

Page 5 of 6
CVE-2020-14058 | P3 | HIGH | CVSS 7.5 | ≥ 3.1, ≤ 3.5.28; ≥ 4.0, < 4.12; +1 more | 2020-06-30
CVE-2020-14058 [HIGH]: An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code e
nvd
CVE-2011-4096 | P3 | MEDIUM | CVSS 5.0 | ≤ 3.1.15; v3.0; +59 more | 2011-11-17
CVE-2011-4096 [MEDIUM] CWE-399: The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
nvd
CVE-2010-0639 | P3 | MEDIUM | CVSS 5.0 | v2.0; v2.1; +29 more | 2010-02-15
CVE-2010-0639 [MEDIUM]: The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
nvd
CVE-2024-37894 | P3 | MEDIUM | CVSS 6.3 | ≥ 3.0, < 6.10; v>= 3.0, <= 3.5.28; +3 more | 2024-06-25
CVE-2024-37894 [MEDIUM] CWE-787: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
nvd
CVE-2021-31808 | P3 | MEDIUM | CVSS 6.5 | fixed in 4.15; ≥ 5.0, < 5.0.6 | 2021-05-27
CVE-2021-31808 [MEDIUM] CWE-190: An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this.
nvd
CVE-2009-2621 | P4 | MEDIUM | CVSS 5.0 | v3.0; v3.1; +4 more | 2009-07-28
CVE-2009-2621 [MEDIUM] CWE-119: Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
nvd
CVE-2013-0189 | P3 | MEDIUM | CVSS 5.0 | v3.1; v3.1.0.1; +57 more | 2013-02-08
CVE-2013-0189 [MEDIUM]: cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.
nvd
CVE-2016-2390 | P4 | MEDIUM | CVSS 5.9 | ≤ 3.5.13; v4.0.4; +1 more | 2016-04-19
CVE-2016-2390 [MEDIUM] CWE-20: The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.
nvd
CVE-2009-2855 | P4 | MEDIUM | CVSS 5.0 | v2.7 | 2009-08-18
CVE-2009-2855 [MEDIUM] CWE-20: The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
nvd
CVE-2012-2213 | P3 | MEDIUM | CVSS 5.0 | v3.1.9 | 2012-04-28
CVE-2012-2213 [MEDIUM] CWE-264: Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher is unable to provide a squid.conf file for a vulnerable system, and the observed behavior is consistent with a squid.conf fi
nvd
CVE-2012-5643 | P4 | MEDIUM | CVSS 5.0 | v2.0; v2.1; +88 more | 2012-12-20
CVE-2012-5643 [MEDIUM] CWE-20: Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.
nvd
CVE-2010-2951 | P4 | MEDIUM | CVSS 5.0 | v3.1.6 | 2010-10-12
CVE-2010-2951 [MEDIUM]: dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
nvd
CVE-2023-46846 | P3 | MEDIUM | CVSS 5.3 | ≥ 2.6, < 6.4 | 2023-11-03
CVE-2023-46846 [MEDIUM] CWE-444: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
nvd
CVE-2022-41317 | P3 | MEDIUM | CVSS 6.5 | ≥ 4.9, ≤ 4.17; ≥ 5.0.6, < 5.7 | 2022-12-25
CVE-2022-41317 [MEDIUM] CWE-697: An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
nvd
CVE-2021-46784 | P3 | MEDIUM | CVSS 6.5 | ≥ 3.0, ≤ 3.5.28; ≥ 4.0, ≤ 4.17; +1 more | 2022-07-17
CVE-2021-46784 [MEDIUM] CWE-617: In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
nvd
CVE-2019-18677 | P4 | MEDIUM | CVSS 6.1 | ≥ 2.0, ≤ 2.7; ≥ 3.0, ≤ 3.5.28; +2 more | 2019-11-26
CVE-2019-18677 [MEDIUM] CWE-352: An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
nvd
CVE-2019-12521 | P4 | MEDIUM | CVSS 5.9 | ≥ 3.0, ≤ 3.5.28; ≥ 4.0, ≤ 4.7; +1 more | 2020-04-15
CVE-2019-12521 [MEDIUM] CWE-193: An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Hea
nvd
CVE-2020-14059 | P4 | MEDIUM | CVSS 6.5 | ≥ 5.0, < 5.0.3 | 2020-06-30
CVE-2020-14059 [MEDIUM] CWE-662: An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
nvd
CVE-2018-19132 | P4 | MEDIUM | CVSS 5.9 | fixed in 4.4 | 2018-11-09
CVE-2018-19132 [MEDIUM] CWE-772: Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
nvd
CVE-2019-18860 | P4 | MEDIUM | CVSS 6.1 | fixed in 4.9 | 2020-03-20
CVE-2019-18860 [MEDIUM] CWE-74: Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
nvd