Squid

Source repositories

https://github.com/squid-cache/squid

CVEs (105)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-4553	Squid Cache Squid	Hig	0.62	8.6	0.80	May 10, 2016	client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
CVE-2016-4554	Squid Cache Squid	Hig	0.59	8.6	0.39	May 10, 2016	mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
CVE-2016-4054	Squid Cache Squid	Hig	0.59	8.1	0.78	Apr 25, 2016	Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-4051	Squid Cache Squid	Hig	0.59	8.8	0.17	Apr 25, 2016	Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
CVE-2016-3947	Squid Cache Squid	Hig	0.54	8.2	0.14	Apr 7, 2016	Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log…
CVE-2016-4555	Squid Cache Squid	Hig	0.53	7.5	0.54	May 10, 2016	client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2016-4052	Squid Cache Squid	Hig	0.53	8.1	0.13	Apr 25, 2016	Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-3948	Squid Cache Squid	Hig	0.52	7.5	0.35	Apr 7, 2016	Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
CVE-2016-4556	Squid Cache Squid	Hig	0.51	7.5	0.23	May 10, 2016	Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
CVE-2016-2569	Squid Cache Squid	Hig	0.51	7.5	0.31	Feb 27, 2016	Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
CVE-2016-2572	Squid Cache Squid	Hig	0.50	7.5	0.10	Feb 27, 2016	http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-10003	Squid Cache Squid	Hig	0.49	7.5	0.05	Jan 27, 2017	Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
CVE-2016-10002	Squid Cache Squid	Hig	0.49	7.5	0.07	Jan 27, 2017	Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted…
CVE-2016-2571	Squid Cache Squid	Hig	0.49	7.5	0.09	Feb 27, 2016	http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2570	Squid Cache Squid	Hig	0.49	7.5	0.09	Feb 27, 2016	The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to…
CVE-2016-2390	Squid Cache Squid	Med	0.40	5.9	0.26	Apr 19, 2016	The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a…
CVE-2016-4053	Squid Cache Squid	Low	0.25	3.7	0.14	Apr 25, 2016	Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
CVE-2013-4123	Squid Cache Squid		0.09	—	0.80	Sep 16, 2013	client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
CVE-2009-0478	Squid Cache Squid		0.09	—	0.72	Feb 8, 2009	Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
CVE-2024-25617	Squid Cache Squid		0.07	—	0.89	Feb 14, 2024	Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to…

CVE-2016-4553HigMay 10, 2016
Squid Cache
Squid
risk 0.62cvss 8.6epss 0.80
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
CVE-2016-4554HigMay 10, 2016
Squid Cache
Squid
risk 0.59cvss 8.6epss 0.39
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
CVE-2016-4054HigApr 25, 2016
Squid Cache
Squid
risk 0.59cvss 8.1epss 0.78
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-4051HigApr 25, 2016
Squid Cache
Squid
risk 0.59cvss 8.8epss 0.17
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
CVE-2016-3947HigApr 7, 2016
Squid Cache
Squid
risk 0.54cvss 8.2epss 0.14
Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log…
CVE-2016-4555HigMay 10, 2016
Squid Cache
Squid
risk 0.53cvss 7.5epss 0.54
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
CVE-2016-4052HigApr 25, 2016
Squid Cache
Squid
risk 0.53cvss 8.1epss 0.13
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
CVE-2016-3948HigApr 7, 2016
Squid Cache
Squid
risk 0.52cvss 7.5epss 0.35
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
CVE-2016-4556HigMay 10, 2016
Squid Cache
Squid
risk 0.51cvss 7.5epss 0.23
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
CVE-2016-2569HigFeb 27, 2016
Squid Cache
Squid
risk 0.51cvss 7.5epss 0.31
Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.
CVE-2016-2572HigFeb 27, 2016
Squid Cache
Squid
risk 0.50cvss 7.5epss 0.10
http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-10003HigJan 27, 2017
Squid Cache
Squid
risk 0.49cvss 7.5epss 0.05
Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.
CVE-2016-10002HigJan 27, 2017
Squid Cache
Squid
risk 0.49cvss 7.5epss 0.07
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted…
CVE-2016-2571HigFeb 27, 2016
Squid Cache
Squid
risk 0.49cvss 7.5epss 0.09
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
CVE-2016-2570HigFeb 27, 2016
Squid Cache
Squid
risk 0.49cvss 7.5epss 0.09
The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to…
CVE-2016-2390MedApr 19, 2016
Squid Cache
Squid
risk 0.40cvss 5.9epss 0.26
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a…
CVE-2016-4053LowApr 25, 2016
Squid Cache
Squid
risk 0.25cvss 3.7epss 0.14
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
CVE-2013-4123Sep 16, 2013
Squid Cache
Squid
risk 0.09cvss —epss 0.80
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
CVE-2009-0478Feb 8, 2009
Squid Cache
Squid
risk 0.09cvss —epss 0.72
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
CVE-2024-25617Feb 14, 2024
Squid Cache
Squid
risk 0.07cvss —epss 0.89
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to…

Page 1 of 6