Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-5643

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-20 Dec, 2012 | 11:00
Updated At-06 Aug, 2024 | 21:14
Rejected At-
Credits

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:20 Dec, 2012 | 11:00
Updated At:06 Aug, 2024 | 21:14
Rejected At:
â–¼CVE Numbering Authority (CNA)

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.debian.org/security/2013/dsa-2631
vendor-advisory
x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2013-0505.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
vendor-advisory
x_refsource_MANDRIVA
http://www.securitytracker.com/id?1027890
vdb-entry
x_refsource_SECTRACK
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
vendor-advisory
x_refsource_SUSE
http://openwall.com/lists/oss-security/2012/12/17/4
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/52024
third-party-advisory
x_refsource_SECUNIA
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
x_refsource_CONFIRM
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=887962
x_refsource_CONFIRM
http://secunia.com/advisories/54839
third-party-advisory
x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
vendor-advisory
x_refsource_SUSE
http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
vendor-advisory
x_refsource_SUSE
https://bugs.gentoo.org/show_bug.cgi?id=447596
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
vendor-advisory
x_refsource_SUSE
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
vendor-advisory
x_refsource_SUSE
http://ubuntu.com/usn/usn-1713-1
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://www.debian.org/security/2013/dsa-2631
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0505.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.securitytracker.com/id?1027890
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://openwall.com/lists/oss-security/2012/12/17/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/52024
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=887962
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/54839
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=447596
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://ubuntu.com/usn/usn-1713-1
Resource:
vendor-advisory
x_refsource_UBUNTU
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.debian.org/security/2013/dsa-2631
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://rhn.redhat.com/errata/RHSA-2013-0505.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.securitytracker.com/id?1027890
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://openwall.com/lists/oss-security/2012/12/17/4
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/52024
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
x_refsource_CONFIRM
x_transferred
http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=887962
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/54839
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://bugs.gentoo.org/show_bug.cgi?id=447596
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://ubuntu.com/usn/usn-1713-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://www.debian.org/security/2013/dsa-2631
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0505.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1027890
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2012/12/17/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/52024
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=887962
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/54839
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=447596
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://ubuntu.com/usn/usn-1713-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:20 Dec, 2012 | 12:02
Updated At:29 Apr, 2026 | 01:13

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches

Squid Cache
squid-cache
>>squid>>2.0
cpe:2.3:a:squid-cache:squid:2.0:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.1
cpe:2.3:a:squid-cache:squid:2.1:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.2
cpe:2.3:a:squid-cache:squid:2.2:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.3
cpe:2.3:a:squid-cache:squid:2.3:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.4
cpe:2.3:a:squid-cache:squid:2.4:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.5
cpe:2.3:a:squid-cache:squid:2.5:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.6
cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.7
cpe:2.3:a:squid-cache:squid:2.7:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.7
cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>2.7
cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:-:pre1:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:-:pre2:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:-:pre3:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:-:pre4:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:-:pre5:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:-:pre6:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:-:pre7:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0
cpe:2.3:a:squid-cache:squid:3.0:rc4:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable1
cpe:2.3:a:squid-cache:squid:3.0.stable1:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable2
cpe:2.3:a:squid-cache:squid:3.0.stable2:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable3
cpe:2.3:a:squid-cache:squid:3.0.stable3:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable4
cpe:2.3:a:squid-cache:squid:3.0.stable4:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable5
cpe:2.3:a:squid-cache:squid:3.0.stable5:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable6
cpe:2.3:a:squid-cache:squid:3.0.stable6:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable7
cpe:2.3:a:squid-cache:squid:3.0.stable7:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable8
cpe:2.3:a:squid-cache:squid:3.0.stable8:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable9
cpe:2.3:a:squid-cache:squid:3.0.stable9:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable10
cpe:2.3:a:squid-cache:squid:3.0.stable10:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable11
cpe:2.3:a:squid-cache:squid:3.0.stable11:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable11
cpe:2.3:a:squid-cache:squid:3.0.stable11:rc1:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable12
cpe:2.3:a:squid-cache:squid:3.0.stable12:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable13
cpe:2.3:a:squid-cache:squid:3.0.stable13:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable14
cpe:2.3:a:squid-cache:squid:3.0.stable14:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable15
cpe:2.3:a:squid-cache:squid:3.0.stable15:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable16
cpe:2.3:a:squid-cache:squid:3.0.stable16:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable16
cpe:2.3:a:squid-cache:squid:3.0.stable16:rc1:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable17
cpe:2.3:a:squid-cache:squid:3.0.stable17:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable18
cpe:2.3:a:squid-cache:squid:3.0.stable18:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable19
cpe:2.3:a:squid-cache:squid:3.0.stable19:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable20
cpe:2.3:a:squid-cache:squid:3.0.stable20:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable21
cpe:2.3:a:squid-cache:squid:3.0.stable21:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable22
cpe:2.3:a:squid-cache:squid:3.0.stable22:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable23
cpe:2.3:a:squid-cache:squid:3.0.stable23:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable24
cpe:2.3:a:squid-cache:squid:3.0.stable24:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.0.stable25
cpe:2.3:a:squid-cache:squid:3.0.stable25:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.1
cpe:2.3:a:squid-cache:squid:3.1:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.1.0.1
cpe:2.3:a:squid-cache:squid:3.1.0.1:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.1.0.2
cpe:2.3:a:squid-cache:squid:3.1.0.2:*:*:*:*:*:*:*
Squid Cache
squid-cache
>>squid>>3.1.0.3
cpe:2.3:a:squid-cache:squid:3.1.0.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.htmlsecalert@redhat.com
N/A
http://openwall.com/lists/oss-security/2012/12/17/4secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2013-0505.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/52024secalert@redhat.com
N/A
http://secunia.com/advisories/54839secalert@redhat.com
N/A
http://ubuntu.com/usn/usn-1713-1secalert@redhat.com
N/A
http://www.debian.org/security/2013/dsa-2631secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:129secalert@redhat.com
N/A
http://www.securitytracker.com/id?1027890secalert@redhat.com
N/A
http://www.squid-cache.org/Advisories/SQUID-2012_1.txtsecalert@redhat.com
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patchsecalert@redhat.com
Patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patchsecalert@redhat.com
Patch
https://bugs.gentoo.org/show_bug.cgi?id=447596secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=887962secalert@redhat.com
N/A
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368secalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://openwall.com/lists/oss-security/2012/12/17/4af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2013-0505.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/52024af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/54839af854a3a-2127-422b-91ae-364da2661108
N/A
http://ubuntu.com/usn/usn-1713-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2013/dsa-2631af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:129af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1027890af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.squid-cache.org/Advisories/SQUID-2012_1.txtaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patchaf854a3a-2127-422b-91ae-364da2661108
Patch
http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patchaf854a3a-2127-422b-91ae-364da2661108
Patch
https://bugs.gentoo.org/show_bug.cgi?id=447596af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=887962af854a3a-2127-422b-91ae-364da2661108
N/A
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2012/12/17/4
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0505.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/52024
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/54839
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://ubuntu.com/usn/usn-1713-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2631
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1027890
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Source: secalert@redhat.com
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=447596
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=887962
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00040.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-01/msg00052.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-01/msg00075.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-09/msg00025.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-09/msg00032.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://openwall.com/lists/oss-security/2012/12/17/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2013-0505.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/52024
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/54839
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://ubuntu.com/usn/usn-1713-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2013/dsa-2631
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:129
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1027890
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.squid-cache.org/Advisories/SQUID-2012_1.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10479.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11714.patch
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://bugs.gentoo.org/show_bug.cgi?id=447596
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=887962
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0368
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1116Records found

CVE-2014-0128
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-32.63% / 98.13%
||
7 Day CHG~0.00%
Published-14 Apr, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion failure) via a crafted range request, related to state management.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2013-4123
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-80.45% / 99.57%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

Action-Not Available
Vendor-n/aSquid CacheopenSUSE
Product-squidopensusen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-4555
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-53.92% / 98.88%
||
7 Day CHG~0.00%
Published-10 May, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.

Action-Not Available
Vendor-n/aCanonical Ltd.Squid CacheOracle Corporation
Product-ubuntu_linuxlinuxsquidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2570
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.95% / 94.62%
||
7 Day CHG-0.07%
Published-27 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2571
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.29% / 94.76%
||
7 Day CHG-0.08%
Published-27 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2569
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-31.19% / 98.05%
||
7 Day CHG-0.22%
Published-27 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2572
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.15% / 95.09%
||
7 Day CHG-0.08%
Published-27 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-3609
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-56.22% / 98.93%
||
7 Day CHG~0.00%
Published-11 Sep, 2014 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-2855
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-36.73% / 98.31%
||
7 Day CHG~0.00%
Published-18 Aug, 2009 | 20:41
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-2622
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-56.91% / 98.95%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8517
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.85% / 93.25%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:54
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy.

Action-Not Available
Vendor-n/aopenSUSECanonical Ltd.Squid Cache
Product-ubuntu_linuxsquidleapn/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-20
Improper Input Validation
CVE-2013-0189
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-23.03% / 97.47%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.
Product-ubuntu_linuxsquidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1000024
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.08% / 94.10%
||
7 Day CHG~0.00%
Published-09 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxsquidn/a
CVE-2011-4096
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-37.19% / 98.33%
||
7 Day CHG-1.13%
Published-17 Nov, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record that contains an empty A record.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CVE-2010-0639
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-30.56% / 98.02%
||
7 Day CHG~0.00%
Published-15 Feb, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CVE-2009-2621
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-5||MEDIUM
EPSS-23.05% / 97.48%
||
7 Day CHG~0.00%
Published-28 Jul, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-12854
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.71% / 95.55%
||
7 Day CHG~0.00%
Published-15 Aug, 2019 | 16:15
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

Action-Not Available
Vendor-n/aopenSUSESquid CacheCanonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxdebian_linuxsquidfedoraleapn/a
CVE-2018-1000027
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.15% / 95.89%
||
7 Day CHG~0.00%
Published-09 Feb, 2018 | 23:00
Updated-05 Aug, 2024 | 12:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appear to be exploitable via Remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxsquidn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2016-4556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-23.11% / 97.48%
||
7 Day CHG~0.00%
Published-10 May, 2016 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.

Action-Not Available
Vendor-n/aCanonical Ltd.Squid CacheOracle Corporation
Product-ubuntu_linuxlinuxsquidn/a
CVE-2016-3948
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-35.27% / 98.25%
||
7 Day CHG~0.00%
Published-07 Apr, 2016 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-28651
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.45% / 93.71%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 00:00
Updated-03 Aug, 2024 | 21:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption.

Action-Not Available
Vendor-n/aFedora ProjectNetApp, Inc.Debian GNU/LinuxSquid Cache
Product-squidfedoradebian_linuxcloud_managern/a
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2010-2951
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-31.46% / 98.07%
||
7 Day CHG~0.00%
Published-12 Oct, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CVE-2010-3072
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-64.24% / 99.13%
||
7 Day CHG~0.00%
Published-20 Sep, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CVE-2020-14058
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.61% / 83.52%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 18:30
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.

Action-Not Available
Vendor-n/aSquid CacheNetApp, Inc.Fedora Project
Product-fedorasquidcloud_managern/a
CVE-2019-18676
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.18% / 94.70%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 16:23
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.

Action-Not Available
Vendor-n/aDebian GNU/LinuxSquid CacheCanonical Ltd.Fedora Project
Product-ubuntu_linuxdebian_linuxfedorasquidn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2013-1839
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-18.31% / 96.87%
||
7 Day CHG~0.00%
Published-30 Sep, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a "," character in an Accept-Language header.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2024-45802
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-45.29% / 98.63%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 14:36
Updated-03 Nov, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Squid Denial of Service

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

Action-Not Available
Vendor-Squid Cache
Product-squidsquidsquid
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0308
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4||MEDIUM
EPSS-22.86% / 97.45%
||
7 Day CHG~0.00%
Published-03 Feb, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-12520
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.94% / 89.12%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:14
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI.

Action-Not Available
Vendor-n/aSquid CacheCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxsquidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-2390
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-25.55% / 97.70%
||
7 Day CHG~0.00%
Published-19 Apr, 2016 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.

Action-Not Available
Vendor-n/aSquid Cache
Product-squidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-3455
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-2.6||LOW
EPSS-11.40% / 95.47%
||
7 Day CHG~0.00%
Published-18 May, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

Action-Not Available
Vendor-n/aSquid CacheOracle CorporationFedora Project
Product-solarislinuxsquidfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-33620
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-79.58% / 99.56%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 00:00
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server.

Action-Not Available
Vendor-n/aSquid CacheDebian GNU/LinuxFedora Project
Product-squiddebian_linuxfedoran/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-7142
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.4||MEDIUM
EPSS-24.93% / 97.65%
||
7 Day CHG~0.00%
Published-26 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Action-Not Available
Vendor-n/aCanonical Ltd.Squid CacheOracle Corporation
Product-solarisubuntu_linuxsquidn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-25097
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-8.6||HIGH
EPSS-8.16% / 94.16%
||
7 Day CHG~0.00%
Published-19 Mar, 2021 | 04:08
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.

Action-Not Available
Vendor-n/aFedora ProjectNetApp, Inc.Debian GNU/LinuxSquid Cache
Product-squidfedoradebian_linuxcloud_managern/a
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2284
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.43% / 90.20%
||
7 Day CHG~0.00%
Published-24 Mar, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before 5.5.2.1, 5.6.x before 5.6.2.1, and 5.7.x before 5.7.2.1 does not properly validate input, which allows remote attackers to cause a denial of service via unspecified vectors.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2037
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.43% / 82.22%
||
7 Day CHG~0.00%
Published-26 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

Action-Not Available
Vendor-xelerancen/a
Product-openswann/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1316
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5||MEDIUM
EPSS-1.15% / 62.90%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers to cause a denial of service (abort and daemon exit) via ASN.1 data encountered in the Kerberos 5 protocol.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-1725
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-5||MEDIUM
EPSS-1.37% / 68.53%
||
7 Day CHG~0.00%
Published-09 Apr, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

Action-Not Available
Vendor-n/aGoogle LLC
Product-chromen/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2342
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-4.3||MEDIUM
EPSS-1.79% / 75.69%
||
7 Day CHG~0.00%
Published-30 May, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Triangle MicroWorks SCADA Data Gateway Resource Exhaustion

Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet.

Action-Not Available
Vendor-trianglemicroworksTriangle MicroWorks
Product-scada_data_gatewaySCADA Data Gateway
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2014-2310
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-1.99% / 78.26%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.

Action-Not Available
Vendor-n/aNet-SNMP
Product-net-snmpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-3164
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.28% / 66.51%
||
7 Day CHG~0.00%
Published-04 Mar, 2020 | 18:40
Updated-15 Nov, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ESA, Cisco WSA, and Cisco SMA GUI Denial of Service Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of specific HTTP request headers. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to trigger a prolonged status of high CPU utilization relative to the GUI process(es). Upon successful exploitation of this vulnerability, an affected device will still be operative, but its response time and overall performance may be degraded.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-web_security_applianceemail_security_appliancecontent_security_management_appliancecloud_email_securityCisco Web Security Appliance (WSA)
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2121
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-2.96% / 85.55%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633, CSCug77667, CSCug78266, CSCug82795, and CSCuh58643.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-hosted_collaboration_solutionn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-2155
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5||MEDIUM
EPSS-1.73% / 74.84%
||
7 Day CHG~0.00%
Published-19 Apr, 2014 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-cns_network_registrarn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-10077
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.39% / 87.34%
||
7 Day CHG~0.00%
Published-06 Nov, 2018 | 16:00
Updated-06 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :some_key is present in keep_keys but not present in the hash.

Action-Not Available
Vendor-i18n_projectn/aDebian GNU/Linux
Product-i18ndebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1711
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.30% / 81.19%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 21:55
Updated-19 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XR gRPC Software Denial of Service Vulnerability

A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this vulnerability by repeatedly sending unauthenticated gRPC requests to the affected device. A successful exploit could cause the emsd process to crash, resulting in a DoS condition. Resolved in Cisco IOS XR 6.5.1 and later.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xrCisco IOS XR Software
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0255
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-41.78% / 98.51%
||
7 Day CHG~0.00%
Published-14 May, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (iSCSI service outage) by sending many crafted packets, aka "iSCSI Target Remote Denial of Service Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_server_2008windows_server_2012n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0995
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.67% / 94.91%
||
7 Day CHG~0.00%
Published-06 Nov, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.

Action-Not Available
Vendor-n/aSAP SE
Product-netweavern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1349
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.11% / 95.08%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationRed Hat, Inc.
Product-ubuntu_linuxsatelliteenterprise_linux_workstationenterprise_linux_serverenterprise_linux_desktopmod_perlenterprise_linux_eusn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2014-0628
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-5||MEDIUM
EPSS-1.07% / 60.90%
||
7 Day CHG+0.01%
Published-25 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Action-Not Available
Vendor-n/aDell Inc.
Product-bsafe_micro-edition-suiten/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16141
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.58% / 72.58%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 11:55
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy.

Action-Not Available
Vendor-once_cell_projectn/a
Product-once_celln/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 22
  • 23
  • Next
Details not found