rpm package
suse/squid&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-62168 | — | < 4.17-150000.5.58.1 | 4.17-150000.5.58.1 | Oct 17, 2025 | Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted | ||
| CVE-2025-59362 | — | < 4.17-150000.5.55.1 | 4.17-150000.5.55.1 | Sep 26, 2025 | Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. | ||
| CVE-2024-37894 | — | < 4.17-150000.5.55.1 | 4.17-150000.5.55.1 | Jun 25, 2024 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. | ||
| CVE-2024-25111 | — | < 4.17-150000.5.52.1 | 4.17-150000.5.52.1 | Mar 6, 2024 | Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending | ||
| CVE-2024-25617 | — | < 4.17-150000.5.52.1 | 4.17-150000.5.52.1 | Feb 14, 2024 | Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to p | ||
| CVE-2024-23638 | — | < 4.17-150000.5.49.1 | 4.17-150000.5.49.1 | Jan 23, 2024 | Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pag | ||
| CVE-2023-50269 | — | < 4.17-150000.5.49.1 | 4.17-150000.5.49.1 | Dec 14, 2023 | Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remo | ||
| CVE-2023-49285 | — | < 4.17-150000.5.46.1 | 4.17-150000.5.46.1 | Dec 4, 2023 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no kno | ||
| CVE-2023-49286 | — | < 4.17-150000.5.46.1 | 4.17-150000.5.46.1 | Dec 4, 2023 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to | ||
| CVE-2023-46728 | — | < 4.17-150000.5.41.1 | 4.17-150000.5.41.1 | Nov 6, 2023 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. R | ||
| CVE-2023-46847 | — | < 4.17-150000.5.38.1 | 4.17-150000.5.38.1 | Nov 3, 2023 | Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | ||
| CVE-2023-46848 | — | < 4.17-150000.5.38.1 | 4.17-150000.5.38.1 | Nov 3, 2023 | Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. | ||
| CVE-2023-46846 | — | < 4.17-150000.5.38.1 | 4.17-150000.5.38.1 | Nov 3, 2023 | SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | ||
| CVE-2023-46724 | — | < 4.17-150000.5.38.1 | 4.17-150000.5.38.1 | Nov 1, 2023 | Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows |
- CVE-2025-62168Oct 17, 2025affected < 4.17-150000.5.58.1fixed 4.17-150000.5.58.1
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted
- CVE-2025-59362Sep 26, 2025affected < 4.17-150000.5.55.1fixed 4.17-150000.5.55.1
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
- CVE-2024-37894Jun 25, 2024affected < 4.17-150000.5.55.1fixed 4.17-150000.5.55.1
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
- CVE-2024-25111Mar 6, 2024affected < 4.17-150000.5.52.1fixed 4.17-150000.5.52.1
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending
- CVE-2024-25617Feb 14, 2024affected < 4.17-150000.5.52.1fixed 4.17-150000.5.52.1
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to p
- CVE-2024-23638Jan 23, 2024affected < 4.17-150000.5.49.1fixed 4.17-150000.5.49.1
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pag
- CVE-2023-50269Dec 14, 2023affected < 4.17-150000.5.49.1fixed 4.17-150000.5.49.1
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remo
- CVE-2023-49285Dec 4, 2023affected < 4.17-150000.5.46.1fixed 4.17-150000.5.46.1
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no kno
- CVE-2023-49286Dec 4, 2023affected < 4.17-150000.5.46.1fixed 4.17-150000.5.46.1
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to
- CVE-2023-46728Nov 6, 2023affected < 4.17-150000.5.41.1fixed 4.17-150000.5.41.1
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. R
- CVE-2023-46847Nov 3, 2023affected < 4.17-150000.5.38.1fixed 4.17-150000.5.38.1
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
- CVE-2023-46848Nov 3, 2023affected < 4.17-150000.5.38.1fixed 4.17-150000.5.38.1
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
- CVE-2023-46846Nov 3, 2023affected < 4.17-150000.5.38.1fixed 4.17-150000.5.38.1
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
- CVE-2023-46724Nov 1, 2023affected < 4.17-150000.5.38.1fixed 4.17-150000.5.38.1
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows