VYPR

Squid

by Squid Cache

CVEs (105)

  • CVE-2005-0446 (May 2, 2005)
    risk 0.03 | cvss | epss 0.41

    Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.

  • CVE-2005-0173 (May 2, 2005)
    risk 0.03 | cvss | epss 0.32

    squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

  • CVE-2005-0175 (Feb 7, 2005)
    risk 0.03 | cvss | epss 0.41

    Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.

  • CVE-2025-54574 (Aug 1, 2025)
    risk 0.02 | cvss | epss 0.23

    Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable…

  • CVE-2014-7142 (Nov 26, 2014)
    risk 0.02 | cvss | epss 0.25

    The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

  • CVE-2014-6270 (Sep 12, 2014)
    risk 0.02 | cvss | epss 0.23

    Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based…

  • CVE-2013-0189 (Feb 8, 2013)
    risk 0.02 | cvss | epss 0.23

    cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect…

  • CVE-2012-5643 (Dec 20, 2012)
    risk 0.02 | cvss | epss 0.23

    Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or…

  • CVE-2011-3205 (Sep 6, 2011)
    risk 0.02 | cvss | epss 0.27

    Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have…

  • CVE-2010-0639 (Feb 15, 2010)
    risk 0.02 | cvss | epss 0.31

    The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.

  • CVE-2010-0308 (Feb 3, 2010)
    risk 0.02 | cvss | epss 0.23

    lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

  • CVE-2009-2621 (Jul 28, 2009)
    risk 0.02 | cvss | epss 0.23

    Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a)…

  • CVE-2007-1560 (Mar 21, 2007)
    risk 0.02 | cvss | epss 0.27

    The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger an assertion error.

  • CVE-2005-0211 (May 2, 2005)
    risk 0.02 | cvss | epss 0.22

    Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

  • CVE-2024-37894 (Jun 25, 2024)
    risk 0.01 | cvss | epss 0.06

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.

  • CVE-2023-49286 (Dec 4, 2023)
    risk 0.01 | cvss | epss 0.10

    Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug, Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised…

  • CVE-2023-46848 (Nov 3, 2023)
    risk 0.01 | cvss | epss 0.10

    Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

  • CVE-2023-46846 (Nov 3, 2023)
    risk 0.01 | cvss | epss 0.05

    Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

  • CVE-2020-24606 (Aug 24, 2020)
    risk 0.01 | cvss | epss 0.05

    Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists…

  • CVE-2014-9749 (Nov 6, 2015)
    risk 0.01 | cvss | epss 0.11

    Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
