Search CVE reports
11 – 20 of 106 results
CVE-2023-46848
Medium prioritySquid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | Fixed | Not affected | Ignored | Ignored |
| squid3 | — | Not in release | Not in release | Not affected | Not affected |
CVE-2023-46847
Medium prioritySquid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | Fixed | Fixed | Ignored | Ignored |
| squid3 | — | Not in release | Not in release | Fixed | Fixed |
CVE-2023-46846
Medium prioritySome fixes available 5 of 7
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | Fixed | Fixed | Fixed | Ignored | Ignored |
| squid3 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2023-46724
Medium prioritySome fixes available 4 of 6
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | Fixed | Fixed | Not affected | Ignored | Ignored |
| squid3 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-41318
Medium priorityA buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | Fixed | Fixed | Fixed | Not in release | Ignored |
| squid3 | — | Not in release | Not in release | Fixed | Fixed |
CVE-2022-41317
Medium priorityAn issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | Fixed | Fixed | Not in release | Not in release |
| squid3 | — | Not in release | Not in release | Not affected | Not affected |
CVE-2021-46784
Medium prioritySome fixes available 8 of 9
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | Fixed | Fixed | Fixed | Not in release | Not in release |
| squid3 | Not in release | Not in release | Not in release | Fixed | Vulnerable |
CVE-2021-41611
Medium priorityAn issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | — | Not affected | Not affected | Not in release | Not in release |
| squid3 | — | Not in release | Not in release | Not affected | Not affected |
CVE-2021-33620
Medium prioritySome fixes available 10 of 11
Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | Fixed | Fixed | Fixed | Not in release | Not in release |
| squid3 | Not in release | Not in release | Not in release | Fixed | Vulnerable |
CVE-2021-31807
Medium prioritySome fixes available 10 of 11
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header...
2 affected packages
squid, squid3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| squid | Fixed | Fixed | Fixed | Not in release | Not in release |
| squid3 | Not in release | Not in release | Not in release | Fixed | Vulnerable |