U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 51 matching records.
Displaying matches 41 through 51.
Vuln ID Summary CVSS Severity
CVE-2016-3947

Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet.

Published: April 07, 2016; 2:59:00 PM -0400
V3.0: 8.2 HIGH
V2.0: 7.5 HIGH
CVE-2016-2571

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Published: February 27, 2016; 12:59:05 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-2570

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Published: February 27, 2016; 12:59:04 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2016-2569

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Published: February 27, 2016; 12:59:03 AM -0500
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-5400

Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.

Published: September 28, 2015; 4:59:03 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-0881

CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.

Published: February 20, 2015; 6:59:04 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-6270

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

Published: September 12, 2014; 10:55:07 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2012-5643

CVE-2012-5643 squid: cachemgr.cgi memory usage DoS and memory leaks

Published: December 20, 2012; 7:02:19 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-4096

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

Published: November 17, 2011; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3205

Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.

Published: September 06, 2011; 11:55:08 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-3072

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

Published: September 20, 2010; 5:00:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM