MidnightBSD

Advisories for squid

CVE-2001-0843 MEDIUM

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid_web_proxy *
CVE-2001-1030 HIGH

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 7.0
redhat linux 7.0
caldera openlinux_server 3.1
trustix secure_linux 1.2
squid squid_web_proxy 2.3stable3
mandrakesoft mandrake_linux_corporate_server 1.0.1
squid squid_web_proxy 2.3stable4
trustix secure_linux 1.1
mandrakesoft mandrake_linux 7.1
mandrakesoft mandrake_linux 7.2
immunix immunix 6.2
trustix secure_linux 1.01
immunix immunix 7.0_beta
mandrakesoft mandrake_single_network_firewall 7.2
mandrakesoft mandrake_linux 8.0
CVE-2002-0067 HIGH

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.1
squid squid *
redhat linux 7.0
redhat linux 6.2
redhat linux 7.2
CVE-2002-0068 HIGH

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.1
squid squid *
redhat linux 7.0
redhat linux 6.2
redhat linux 7.2
CVE-2002-0069 LOW

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.1
squid squid *
redhat linux 7.0
redhat linux 6.2
redhat linux 7.2
CVE-2002-0163 HIGH

Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid *
CVE-2002-0713 HIGH

Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid *
CVE-2002-0714 HIGH

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid *
CVE-2002-0715 MEDIUM

Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid *
CVE-2002-2414 MEDIUM

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
opera_software opera 6.0.3
squid squid 2.4
CVE-2004-0189 HIGH

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_stable4
squid squid 2.3_stable5
squid squid 2.0_patch2
squid squid 2.1_patch2
squid squid 2.5_stable3
squid squid 2.4_stable7
squid squid 2.4
CVE-2004-0832 MEDIUM

The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid *
CVE-2004-0918 MEDIUM

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
openpkg openpkg current
squid squid 2.5_.stable4
squid squid 3.0_pre1
openpkg openpkg 2.1
squid squid 2.5_.stable5
openpkg openpkg 2.2
squid squid 2.0_patch2
squid squid 2.1_patch2
squid squid 2.5_.stable1
squid squid 2.5_.stable3
squid squid 3.0_pre3
trustix secure_linux 1.5
redhat fedora_core core_2.0
squid squid 2.4
squid squid 2.4_.stable6
squid squid 3.0_pre2
squid squid 2.4_.stable2
squid squid 2.4_.stable7
trustix secure_linux 2.1
squid squid 2.3_.stable4
trustix secure_linux 2.0
squid squid 2.3_.stable5
ubuntu ubuntu_linux 4.1
gentoo linux *
CVE-2004-2654 MEDIUM

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_stable5
CVE-2005-0094 MEDIUM

Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.5_.stable5
squid squid 2.3_stable5
squid squid 2.5.stable2
squid squid 2.5.stable6
squid squid 2.0_patch2
squid squid 2.1_patch2
squid squid 2.4_stable7
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.5_.stable3
squid squid 2.4
squid squid 2.6.stable1
squid squid 2.4_.stable6
squid squid 2.5.6
squid squid 2.4_.stable2
squid squid 2.5_stable9
squid squid 2.4_.stable7
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.3_.stable4
squid squid 2.5.stable1
squid squid 2.3_.stable5
squid squid 2.5.stable3
squid squid 2.5_stable3
CVE-2005-0095 MEDIUM

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.5_.stable5
squid squid 2.3_stable5
squid squid 2.5.stable2
squid squid 2.5.stable6
squid squid 2.0_patch2
squid squid 2.1_patch2
squid squid 2.4_stable7
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.5_.stable3
squid squid 2.4
squid squid 2.6.stable1
squid squid 2.4_.stable6
squid squid 2.5.6
squid squid 2.4_.stable2
squid squid 2.5_stable9
squid squid 2.4_.stable7
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.3_.stable4
squid squid 2.5.stable1
squid squid 2.3_.stable5
squid squid 2.5.stable3
squid squid 2.5_stable3
CVE-2005-0096 MEDIUM

Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.5_.stable5
squid squid 2.3_stable5
squid squid 2.5.stable2
squid squid 2.5.stable6
squid squid 2.0_patch2
squid squid 2.1_patch2
squid squid 2.4_stable7
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.5_.stable3
squid squid 2.4
squid squid 2.6.stable1
squid squid 2.4_.stable6
squid squid 2.5.6
squid squid 2.4_.stable2
squid squid 2.5_stable9
squid squid 2.4_.stable7
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.3_.stable4
squid squid 2.5.stable1
squid squid 2.3_.stable5
squid squid 2.5.stable3
squid squid 2.5_stable3
CVE-2005-0097 MEDIUM

The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.5_.stable5
squid squid 2.3_stable5
squid squid 2.5.stable2
squid squid 2.5.stable6
squid squid 2.0_patch2
squid squid 2.1_patch2
squid squid 2.4_stable7
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.5_.stable3
squid squid 2.4
squid squid 2.6.stable1
squid squid 2.4_.stable6
squid squid 2.5.6
squid squid 2.4_.stable2
squid squid 2.5_stable9
squid squid 2.4_.stable7
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.3_.stable4
squid squid 2.5.stable1
squid squid 2.3_.stable5
squid squid 2.5.stable3
squid squid 2.5_stable3
CVE-2005-0173 HIGH

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.1.pre4
squid squid 2.2.stable4
squid squid 2.4.stable1
squid squid 2.2.stable5
squid squid 2.3.stable1
squid squid 2.1.patch1
squid squid 2.5.stable2
squid squid 2.1.patch2
squid squid 2.4.stable4
squid squid 2.5.stable6
squid squid 2.2.devel4
squid squid 2.3.stable3
squid squid 2.2.pre2
squid squid 2.2.stable2
squid squid 2.4.stable2
squid squid 2.0.pre1
squid squid 2.2.pre1
squid squid 2.3.devel2
squid squid 2.4.stable7
squid squid 2.3.stable4
squid squid 2.3.stable2
squid squid 2.2.stable1
squid squid 2.4.stable6
squid squid 2.5.stable4
squid squid 2.1.pre1
squid squid 2.2.stable3
squid squid 2.3.devel3
squid squid 2.5.stable5
squid squid 2.0.patch2
squid squid 2.5.stable1
squid squid 2.2.devel3
squid squid 2.5.stable3
squid squid 2.3.stable5
squid squid 2.4.stable3
squid squid 2.1.pre3
squid squid 2.0.release
squid squid 2.1.release
squid squid 2.0.patch1
CVE-2005-0174 MEDIUM

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.5.6
squid squid 2.5_stable9
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.5_.stable5
squid squid 2.5.stable1
squid squid 2.5.stable2
squid squid 2.5.stable6
squid squid 2.5.stable3
squid squid 2.5_stable3
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.5_.stable3
CVE-2005-0175 MEDIUM

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.5.6
squid squid 2.5_stable9
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.5_.stable5
squid squid 2.5.stable1
squid squid 2.5.stable2
squid squid 2.5.stable6
squid squid 2.5.stable3
squid squid 2.5_stable3
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.5_.stable3
CVE-2005-0194 HIGH

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.1.pre4
squid squid 2.2.stable4
squid squid 2.4.stable1
squid squid 2.2.stable5
squid squid 2.3.stable1
squid squid 2.1.patch1
squid squid 2.5.stable2
squid squid 2.1.patch2
squid squid 2.4.stable4
squid squid 2.5.stable6
squid squid 2.2.devel4
squid squid 2.3.stable3
squid squid 2.2.pre2
squid squid 2.2.stable2
squid squid 2.4.stable2
squid squid 2.0.pre1
squid squid 2.2.pre1
squid squid 2.3.devel2
squid squid 2.4.stable7
squid squid 2.3.stable4
squid squid 2.3.stable2
squid squid 2.2.stable1
squid squid 2.4.stable6
squid squid 2.5.stable4
squid squid 2.1.pre1
squid squid 2.2.stable3
squid squid 2.3.devel3
squid squid 2.5.stable5
squid squid 2.0.patch2
squid squid 2.5.stable1
squid squid 2.2.devel3
squid squid 2.5.stable3
squid squid 2.3.stable5
squid squid 2.4.stable3
squid squid 2.1.pre3
squid squid 2.0.release
squid squid 2.1.release
squid squid 2.0.patch1
CVE-2005-0241 MEDIUM

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5.stable1
squid squid 2.5.stable2
squid squid 2.5.stable6
squid squid 2.5.stable3
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.5.stable7
CVE-2005-0446 MEDIUM

Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.1.pre4
squid squid 2.2.stable4
squid squid 2.4.stable1
squid squid 2.3.stable1
squid squid 2.1.patch1
squid squid 2.5.stable2
squid squid 2.1.patch2
squid squid 2.5.stable6
squid squid 2.2.devel4
squid squid 2.3.stable3
squid squid 2.0_patch2
squid squid 2.2.pre2
squid squid 2.4.stable2
squid squid 2.0.pre1
squid squid 2.2.pre1
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.4
squid squid 2.3.devel2
squid squid 2.5.6
squid squid 2.4.stable7
squid squid 2.2.stable1
squid squid 2.4.stable6
squid squid 2.4_.stable7
squid squid 2.5.stable4
squid squid 2.1.pre1
squid squid 2.3_.stable4
squid squid 2.5.stable1
squid squid 2.3_.stable5
squid squid 2.5.stable3
squid squid 2.1.pre3
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.2.stable5
squid squid 2.5_.stable5
squid squid 2.5.stable8
squid squid 2.3_stable5
squid squid 2.4.stable4
squid squid 2.1_patch2
squid squid 2.2.stable2
squid squid 2.4_stable7
squid squid 2.5_.stable3
squid squid 2.4_.stable6
squid squid 2.3.stable4
squid squid 2.3.stable2
squid squid 2.4_.stable2
squid squid 2.5_stable9
squid squid 2.2.stable3
squid squid 2.3.devel3
squid squid 2.5.stable5
squid squid 2.0.patch2
squid squid 2.2.devel3
squid squid 2.3.stable5
squid squid 2.5_stable3
squid squid 2.4.stable3
squid squid 2.0.release
squid squid 2.1.release
squid squid 2.0.patch1
CVE-2005-0626 LOW

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5.stable6
squid squid 2.5.stable5
squid squid 2.5.stable7
CVE-2005-0718 MEDIUM

Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.1.pre4
squid squid 2.2.stable4
squid squid 2.4.stable1
squid squid 2.3.stable1
squid squid 2.1.patch1
squid squid 2.5.stable2
squid squid 2.1.patch2
squid squid 2.5.stable6
squid squid 2.2.devel4
squid squid 2.3.stable3
squid squid 2.0_patch2
squid squid 2.2.pre2
squid squid 2.4.stable2
squid squid 2.0.pre1
squid squid 2.2.pre1
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.4
squid squid 2.3.devel2
squid squid 2.5.6
squid squid 2.4.stable7
squid squid 2.2.stable1
squid squid 2.4.stable6
squid squid 2.4_.stable7
squid squid 2.5.stable4
squid squid 2.1.pre1
squid squid 2.3_.stable4
squid squid 2.5.stable1
squid squid 2.3_.stable5
squid squid 2.5.stable3
squid squid 2.1.pre3
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.2.stable5
squid squid 2.5_.stable5
squid squid 2.3_stable5
squid squid 2.4.stable4
squid squid 2.1_patch2
squid squid 2.2.stable2
squid squid 2.4_stable7
squid squid 2.5_.stable3
squid squid 2.4_.stable6
squid squid 2.3.stable4
squid squid 2.3.stable2
squid squid 2.4_.stable2
squid squid 2.5_stable9
squid squid 2.2.stable3
squid squid 2.3.devel3
squid squid 2.5.stable5
squid squid 2.0.patch2
squid squid 2.2.devel3
squid squid 2.3.stable5
squid squid 2.5_stable3
squid squid 2.4.stable3
squid squid 2.0.release
squid squid 2.1.release
squid squid 2.0.patch1
CVE-2005-1345 HIGH

Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5.stable1
squid squid 2.5.stable8
squid squid 2.5.stable2
squid squid 2.5.stable6
squid squid 2.5.stable3
squid squid 2.5.stable4
squid squid 2.5.stable5
squid squid 2.5.stable9
squid squid 2.5.stable7
CVE-2005-1519 MEDIUM

Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid *
CVE-2005-1711 HIGH

Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
gibraltar gibraltar_firewall 2.2
clam_anti-virus clamav 0.90.2
squid squid 2.6.stable1
CVE-2005-2794 MEDIUM

store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.1.pre4
squid squid 2.2.stable4
squid squid 2.4.stable1
squid squid 2.2.stable5
squid squid 2.3.stable1
squid squid 2.1.patch1
squid squid 2.5.stable8
squid squid 2.5.stable2
squid squid 2.1.patch2
squid squid 2.4.stable4
squid squid 2.5.stable6
squid squid 2.2.devel4
squid squid 2.3.stable3
squid squid 2.2.pre2
squid squid 2.2.stable2
squid squid 2.4.stable2
squid squid 2.0.pre1
squid squid 2.2.pre1
squid squid 2.5.stable9
squid squid 2.5.stable7
squid squid 2.5.stable10
squid squid 2.3.devel2
squid squid 2.4.stable7
squid squid 2.3.stable4
squid squid 2.3.stable2
squid squid 2.2.stable1
squid squid 2.4.stable6
squid squid 2.5.stable4
squid squid 2.1.pre1
squid squid 2.2.stable3
squid squid 2.3.devel3
squid squid 2.5.stable5
squid squid 2.0.patch2
squid squid 2.5.stable1
squid squid 2.2.devel3
squid squid 2.5.stable3
squid squid 2.3.stable5
squid squid 2.4.stable3
squid squid 2.1.pre3
squid squid 2.0.release
squid squid 2.1.release
squid squid 2.0.patch1
CVE-2005-2796 MEDIUM

The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.5_.stable6
squid squid 2.1.pre4
squid squid 2.2.stable4
squid squid 2.4.stable1
squid squid 2.3.stable1
squid squid 2.1.patch1
squid squid 2.5.stable2
squid squid 2.1.patch2
squid squid 2.5.stable6
squid squid 2.2.devel4
squid squid 2.3.stable3
squid squid 2.0_patch2
squid squid 2.2.pre2
squid squid 2.4.stable2
squid squid 2.0.pre1
squid squid 2.2.pre1
squid squid 2.5_.stable1
squid squid 2.5.stable7
squid squid 2.4
squid squid 2.3.devel2
squid squid 2.5.6
squid squid 2.4.stable7
squid squid 2.2.stable1
squid squid 2.4.stable6
squid squid 2.4_.stable7
squid squid 2.5.stable4
squid squid 2.1.pre1
squid squid 2.3_.stable4
squid squid 2.5.stable1
squid squid 2.3_.stable5
squid squid 2.5.stable3
squid squid 2.1.pre3
squid squid 2.5_stable4
squid squid 2.5_.stable4
squid squid 2.2.stable5
squid squid 2.5_.stable5
squid squid 2.5.stable8
squid squid 2.3_stable5
squid squid 2.4.stable4
squid squid 2.1_patch2
squid squid 2.2.stable2
squid squid 2.4_stable7
squid squid 2.5.stable9
squid squid 2.5_.stable3
squid squid 2.5.stable10
squid squid 2.4_.stable6
squid squid 2.3.stable4
squid squid 2.3.stable2
squid squid 2.4_.stable2
squid squid 2.5_stable9
squid squid 2.2.stable3
squid squid 2.3.devel3
squid squid 2.5.stable5
squid squid 2.0.patch2
squid squid 2.2.devel3
squid squid 2.3.stable5
squid squid 2.5_stable3
squid squid 2.4.stable3
squid squid 2.0.release
squid squid 2.1.release
squid squid 2.0.patch1
CVE-2005-2917 MEDIUM

Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid *
squid squid 2.5.9
CVE-2005-3258 MEDIUM

The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
squid squid 2.1.pre4
squid squid 2.2.stable4
squid squid 2.4.stable1
squid squid 2.2.stable5
squid squid 2.3.stable1
squid squid 2.1.patch1
squid squid 2.5.stable11
squid squid 2.5.stable8
squid squid 2.5.stable2
squid squid 2.1.patch2
squid squid 2.4.stable4
squid squid 2.5.stable6
squid squid 2.2.devel4
squid squid 2.3.stable3
squid squid 2.2.pre2
squid squid 2.2.stable2
squid squid 2.4.stable2
squid squid 2.0.pre1
squid squid 2.2.pre1
squid squid 2.5.stable9
squid squid 2.5.stable7
squid squid 2.5.stable10
squid squid 2.4
squid squid 2.3.devel2
squid squid 2.5.6
squid squid 2.4.stable7
squid squid 2.3.stable4
squid squid 2.3.stable2
squid squid 2.2.stable1
squid squid 2.4.stable6
squid squid 2.5.stable4
squid squid 2.1.pre1
squid squid 2.2.stable3
squid squid 2.3.devel3
squid squid 2.5.stable5
squid squid 2.0.patch2
squid squid 2.5.stable1
squid squid 2.2.devel3
squid squid 2.5.stable3
squid squid 2.3.stable5
squid squid 2.4.stable3
squid squid 2.1.pre3
squid squid 2.0.release
squid squid 2.1.release
squid squid 2.0.patch1
CVE-2005-3322 MEDIUM

Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
suse suse_linux 9.0
squid squid 2.6.stable1
CVE-2008-1612 MEDIUM

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which triggers an assert error. NOTE: this issue is due to an incorrect fix for CVE-2007-6239.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
squid squid 2.6.stable17