CVE Daily
← All tags

Tag: Squid

All CVEs associated with "Squid". Page 2/2 • 177 CVEs.

Subscribe CVEs: RSS for “Squid”  ·  RSS (High+Critical only)

About “Squid”

A curated feed of “Squid”-related CVEs appears below. We currently track 177 CVEs for this tag (all time). In the last 365 days, 7 were published. Average CVSS is 6.6 (all time; 7.6 over 365d), and 47% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-125 - Out-of-bounds Read, CWE-413 - Improper Resource Locking.

In our taxonomy this topic maps to a LOW impact class. Databases, proxies, and web servers often need coordinated restarts and config checks. Patch only modules you deploy, verify TLS and authentication, and tune limits. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2009-03-04
Medium

CVE-2009-0801

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight,…

CVSS: 5.4 CWE: CWE-264 View on NVD
2009-02-08
Medium

CVE-2009-0478

Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable a…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2008-05-13
Critical

CVE-2008-1922

Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-04-01
Medium

CVE-2008-1612

The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows attackers to cause a denial of service (process exit) via unknown vectors that cause an array to shrink to 0 entries, which trigger…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2008-03-05
Critical

CVE-2008-1167

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2008-1168

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not prope…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-12-04
Medium

CVE-2007-6239

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP heade…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2007-03-21
Medium

CVE-2007-1560

The clientProcessRequest() function in src/client_side.c in Squid 2.6 before 2.6.STABLE12 allows remote attackers to cause a denial of service (daemon crash) via crafted TRACE requests that trigger a…

CVSS: 5.0 CWE: N/A View on NVD
2007-01-16
Medium

CVE-2007-0247

squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinis…

CVSS: 5.0 CWE: CWE-399 View on NVD
Medium

CVE-2007-0248

The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.

CVSS: 5.0 CWE: N/A View on NVD
2006-02-13
High

CVE-2006-0046

squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might p…

CVSS: 7.8 CWE: N/A View on NVD
2005-10-27
Medium

CVE-2005-3322

Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).

CVSS: 5.0 CWE: N/A View on NVD
2005-10-20
Medium

CVE-2005-3258

The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.

CVSS: 5.0 CWE: N/A View on NVD
2005-09-30
Medium

CVE-2005-2917

Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).

CVSS: 5.0 CWE: N/A View on NVD
2005-09-07
Medium

CVE-2005-2794

store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-2796

The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.

CVSS: 5.0 CWE: N/A View on NVD
2005-05-24
High

CVE-2005-1711

Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses f…

CVSS: 7.5 CWE: N/A View on NVD
2005-05-11
Medium

CVE-2005-1519

Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.

CVSS: 6.4 CWE: N/A View on NVD
2005-05-02
High

CVE-2005-0173

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored b…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2005-0194

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2005-0211

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recv…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2005-0241

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote at…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0446

Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP address…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0813

Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2005-1345

Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by th…

CVSS: 7.5 CWE: N/A View on NVD
2005-04-14
Medium

CVE-2005-0718

Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access p…

CVSS: 5.0 CWE: N/A View on NVD
2005-03-08
Low

CVE-2005-0626

Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which al…

CVSS: 2.6 CWE: N/A View on NVD
2005-02-07
Medium

CVE-2005-0174

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0175

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.

CVSS: 5.0 CWE: N/A View on NVD
2005-01-27
Medium

CVE-2004-0918

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets w…

CVSS: 5.0 CWE: CWE-399 View on NVD
2005-01-25
Medium

CVE-2005-0096

Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).

CVSS: 5.0 CWE: N/A View on NVD
2005-01-15
Medium

CVE-2005-0094

Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted respo…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2005-0095

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to refer…

CVSS: 5.0 CWE: N/A View on NVD
2005-01-11
Medium

CVE-2005-0097

The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.

CVSS: 5.0 CWE: N/A View on NVD
2004-12-31
Medium

CVE-2004-2479

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previous…

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-2480

Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2004-2654

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigge…

CVSS: 5.0 CWE: N/A View on NVD
2004-11-03
Medium

CVE-2004-0832

The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via a…

CVSS: 5.0 CWE: N/A View on NVD
2004-08-06
Critical

CVE-2004-0541

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary c…

CVSS: 10.0 CWE: N/A View on NVD
2004-03-15
High

CVE-2004-0189

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of t…

CVSS: 7.5 CWE: N/A View on NVD
2004-01-05
High

CVE-2003-0963

Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls…

CVSS: 7.5 CWE: N/A View on NVD
2002-12-31
Medium

CVE-2002-2414

Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS conne…

CVSS: 4.3 CWE: N/A View on NVD
2002-10-04
High

CVE-2002-0916

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code…

CVSS: 7.5 CWE: N/A View on NVD
2002-08-12
High

CVE-2002-0735

Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly…

CVSS: 7.5 CWE: N/A View on NVD
2002-07-26
High

CVE-2002-0713

Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyus…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2002-0714

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2002-0715

Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.

CVSS: 5.0 CWE: N/A View on NVD
2002-03-26
High

CVE-2002-0163

Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary…

CVSS: 7.5 CWE: N/A View on NVD
2002-03-08
High

CVE-2002-0067

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2002-0068

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2002-0069

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.

CVSS: 2.6 CWE: N/A View on NVD
2001-12-06
Medium

CVE-2001-0843

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

CVSS: 5.0 CWE: N/A View on NVD
2001-07-18
High

CVE-2001-1030

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypas…

CVSS: 7.5 CWE: N/A View on NVD
2001-03-12
Low

CVE-2001-0142

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVSS: 1.2 CWE: N/A View on NVD
1999-12-31
Medium

CVE-1999-1481

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

CVSS: 5.0 CWE: N/A View on NVD
1999-07-25
High

CVE-1999-0710

The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to othe…

CVSS: 7.5 CWE: N/A View on NVD
1998-02-20
High

CVE-1999-1273

Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences.

CVSS: 7.5 CWE: N/A View on NVD