Vulnerabilities > Squid Cache > Squid > 3.1.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-09-12 | CVE-2014-6270 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. | 6.8 |
2014-09-11 | CVE-2014-3609 | Improper Input Validation vulnerability in Squid-Cache Squid HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." | 5.0 |
2014-04-14 | CVE-2014-0128 | Improper Input Validation vulnerability in multiple products Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. | 5.0 |
2011-11-17 | CVE-2011-4096 | Resource Management Errors vulnerability in Squid-Cache Squid The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. | 5.0 |
2010-10-12 | CVE-2010-2951 | Unspecified vulnerability in Squid-Cache Squid 3.1.6 dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. | 5.0 |
2010-09-20 | CVE-2010-3072 | Denial Of Service vulnerability in Squid Proxy String Processing NULL Pointer Dereference The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | 5.0 |