Vulnerabilities > Squid Cache

DATE CVE VULNERABILITY TITLE RISK
2014-09-12 CVE-2014-6270 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.
6.8
2014-09-11 CVE-2014-3609 Improper Input Validation vulnerability in Squid-Cache Squid
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
network
low complexity
squid-cache CWE-20
5.0
2014-04-14 CVE-2014-0128 Improper Input Validation vulnerability in multiple products
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
network
low complexity
squid-cache opensuse CWE-20
5.0
2013-09-30 CVE-2013-1839 Improper Input Validation vulnerability in Squid-Cache Squid
The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.
network
low complexity
squid-cache CWE-20
7.8
2013-09-16 CVE-2013-4123 Improper Input Validation vulnerability in multiple products
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in an HTTP Host header.
network
low complexity
squid-cache opensuse CWE-20
5.0
2013-08-09 CVE-2013-4115 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products
Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.
network
low complexity
opensuse squid-cache CWE-119
7.5
2011-11-17 CVE-2011-4096 Resource Management Errors vulnerability in Squid-Cache Squid
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
network
low complexity
squid-cache CWE-399
5.0
2010-10-12 CVE-2010-2951 Unspecified vulnerability in Squid-Cache Squid 3.1.6
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
network
low complexity
squid-cache
5.0
2010-09-20 CVE-2010-3072 Denial Of Service vulnerability in Squid Proxy String Processing NULL Pointer Dereference
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
network
low complexity
squid-cache
5.0
2010-02-15 CVE-2010-0639 Remote Denial of Service vulnerability in Squid Web Proxy Cache HTCP Request Processing
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
network
low complexity
squid-cache
5.0