Vulnerabilities > Squid Cache > Squid > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-04-14 | CVE-2014-0128 | Improper Input Validation vulnerability in multiple products Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management. | 5.0 |
| 2013-09-16 | CVE-2013-4123 | Improper Input Validation vulnerability in multiple products client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header. | 5.0 |
| 2011-11-17 | CVE-2011-4096 | Resource Management Errors vulnerability in Squid-Cache Squid The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record. | 5.0 |
| 2010-10-12 | CVE-2010-2951 | Unspecified vulnerability in Squid-Cache Squid 3.1.6 dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. | 5.0 |
| 2010-09-20 | CVE-2010-3072 | Denial Of Service vulnerability in Squid Proxy String Processing NULL Pointer Dereference The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request. | 5.0 |
| 2010-02-15 | CVE-2010-0639 | Remote Denial of Service vulnerability in Squid Web Proxy Cache HTCP Request Processing The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port. | 5.0 |
| 2010-02-03 | CVE-2010-0308 | Improper Input Validation vulnerability in Squid-Cache Squid lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. | 4.0 |
| 2009-07-28 | CVE-2009-2622 | Improper Input Validation vulnerability in Squid-Cache Squid Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc. | 5.0 |
| 2009-07-28 | CVE-2009-2621 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Squid-Cache Squid Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc. | 5.0 |