Vulnerabilities > Squid Cache > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-04-14 CVE-2014-0128 Improper Input Validation vulnerability in multiple products
Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.
network
low complexity
squid-cache opensuse CWE-20
5.0
2013-09-16 CVE-2013-4123 Improper Input Validation vulnerability in multiple products
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
network
low complexity
squid-cache opensuse CWE-20
5.0
2011-11-17 CVE-2011-4096 Resource Management Errors vulnerability in Squid-Cache Squid
The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.
network
low complexity
squid-cache CWE-399
5.0
2010-10-12 CVE-2010-2951 Unspecified vulnerability in Squid-Cache Squid 3.1.6
dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.
network
low complexity
squid-cache
5.0
2010-09-20 CVE-2010-3072 Denial Of Service vulnerability in Squid Proxy String Processing NULL Pointer Dereference
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
network
low complexity
squid-cache
5.0
2010-02-15 CVE-2010-0639 Remote Denial of Service vulnerability in Squid Web Proxy Cache HTCP Request Processing
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.
network
low complexity
squid-cache
5.0
2010-02-03 CVE-2010-0308 Improper Input Validation vulnerability in Squid-Cache Squid
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
network
low complexity
squid-cache CWE-20
4.0
2009-07-28 CVE-2009-2622 Improper Input Validation vulnerability in Squid-Cache Squid
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
network
low complexity
squid-cache CWE-20
5.0
2009-07-28 CVE-2009-2621 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Squid-Cache Squid
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
network
low complexity
squid-cache CWE-119
5.0