rpm package

opensuse/squid&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.5

Vulnerabilities (12)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-37894	—	< 5.7-150400.3.32.1	5.7-150400.3.32.1	Jun 25, 2024	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
CVE-2024-25111	—	< 5.7-150400.3.26.1	5.7-150400.3.26.1	Mar 6, 2024	Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending
CVE-2024-25617	—	< 5.7-150400.3.26.1	5.7-150400.3.26.1	Feb 14, 2024	Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to p
CVE-2024-23638	—	< 5.7-150400.3.23.1	5.7-150400.3.23.1	Jan 23, 2024	Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pag
CVE-2023-50269	—	< 5.7-150400.3.23.1	5.7-150400.3.23.1	Dec 14, 2023	Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remo
CVE-2023-49285	—	< 5.7-150400.3.20.1	5.7-150400.3.20.1	Dec 4, 2023	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no kno
CVE-2023-49286	—	< 5.7-150400.3.20.1	5.7-150400.3.20.1	Dec 4, 2023	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to
CVE-2023-46728	—	< 5.7-150400.3.15.1	5.7-150400.3.15.1	Nov 6, 2023	Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. R
CVE-2023-46847	—	< 5.7-150400.3.12.1	5.7-150400.3.12.1	Nov 3, 2023	Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
CVE-2023-46848	—	< 5.7-150400.3.12.1	5.7-150400.3.12.1	Nov 3, 2023	Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
CVE-2023-46846	—	< 5.7-150400.3.12.1	5.7-150400.3.12.1	Nov 3, 2023	SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
CVE-2023-46724	—	< 5.7-150400.3.12.1	5.7-150400.3.12.1	Nov 1, 2023	Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows

CVE-2024-37894Jun 25, 2024
affected < 5.7-150400.3.32.1fixed 5.7-150400.3.32.1
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
CVE-2024-25111Mar 6, 2024
affected < 5.7-150400.3.26.1fixed 5.7-150400.3.26.1
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending
CVE-2024-25617Feb 14, 2024
affected < 5.7-150400.3.26.1fixed 5.7-150400.3.26.1
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to p
CVE-2024-23638Jan 23, 2024
affected < 5.7-150400.3.23.1fixed 5.7-150400.3.23.1
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pag
CVE-2023-50269Dec 14, 2023
affected < 5.7-150400.3.23.1fixed 5.7-150400.3.23.1
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remo
CVE-2023-49285Dec 4, 2023
affected < 5.7-150400.3.20.1fixed 5.7-150400.3.20.1
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no kno
CVE-2023-49286Dec 4, 2023
affected < 5.7-150400.3.20.1fixed 5.7-150400.3.20.1
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to
CVE-2023-46728Nov 6, 2023
affected < 5.7-150400.3.15.1fixed 5.7-150400.3.15.1
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. R
CVE-2023-46847Nov 3, 2023
affected < 5.7-150400.3.12.1fixed 5.7-150400.3.12.1
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
CVE-2023-46848Nov 3, 2023
affected < 5.7-150400.3.12.1fixed 5.7-150400.3.12.1
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
CVE-2023-46846Nov 3, 2023
affected < 5.7-150400.3.12.1fixed 5.7-150400.3.12.1
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
CVE-2023-46724Nov 1, 2023
affected < 5.7-150400.3.12.1fixed 5.7-150400.3.12.1
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows