| Summary: | net-proxy/squid: Improper Validation of Specified Index | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Jarkko Suominen <bugzillas> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | minor | CC: | hlein, proxy-maint |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3 | | |
| Whiteboard: | B3 [ebuild] | | |
| Package list: | | Runtime testing required: | --- |

Description
Jarkko Suominen
2023-11-17 07:23:38 UTC
There were more vulnerabilities that are affecting versions below 6.4.

https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
Affected versions: 5.0.3-5.9, 6.0-6.3
Due to an Incorrect Conversion between Numeric Types bug Squid is vulnerable to a Denial of Service attack against FTP Native Relay input validation.
Due to an Incorrect Conversion between Numeric Types bug Squid is vulnerable to a Denial of Service attack against ftp:// URL validation and access control.

https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh
Affected versions: 2.6-6.3
Due to chunked decoder lenience Squid is vulnerable to Request/Response smuggling attacks when parsing HTTP/1.1 and ICAP messages. This problem allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems when the upstream server interprets the chunked encoding syntax differently from Squid. This attack is limited to the HTTP/1.1 and ICAP protocols which support receiving Transfer-Encoding:chunked.

https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
Affected versions: 3.2.0.1-5.9, 6.0-6.3
Due to a buffer overflow bug Squid is vulnerable to a Denial of Service attack against HTTP Digest Authentication. This problem allows a remote client to perform buffer overflow attack writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. On machines with advanced memory protections this will result in a Denial of Service against all users of the Squid proxy.

*** This bug has been marked as a duplicate of bug 916334 ***

Marked as duplicate since there was already a collection of vulnerabilities related to net-proxy/squid. Added this one as a comment.

(In reply to Jarkko Suominen from comment #3)
> Marked as duplicate since there was already a collection of vulnerabilities
> related to net-proxy/squid. Added this one as a comment.

Moving the CVE alias then.
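
The chunked decoder lenience summarized above (GHSA-j83v-w3p4-5cqh) matters because two parsers that disagree on chunk framing disagree on where a message ends; a strict decoder refuses anything a second parser might read differently. The following is an added example, not Squid's code or its fix. The page does not say which syntax Squid tolerated, so the rejected forms, the names `decode_chunked` and `ChunkedError`, and the size limits are assumptions of this example.

```python
import re

# chunk-size = 1*HEXDIG (RFC 9112, section 7.1). Assumed policy for this example:
# at most 8 hex digits, and extensions may not contain whitespace.
SIZE_LINE = re.compile(rb"\A([0-9A-Fa-f]{1,8})(?:;[\x21-\x7e]*)?\Z")
TRAILER_LINE = re.compile(rb"\A[!#$%&'*+\-.^_`|~0-9A-Za-z]+:[\x20-\x7e\t]*\Z")
MAX_LINE = 4096  # assumed cap on a size or trailer line


class ChunkedError(ValueError):
    """Framing that two HTTP parsers could read differently."""


def read_line(buf, pos):
    """Return (line, next_pos). Only CRLF ends a line; bare CR or LF is refused."""
    end = buf.find(b"\r\n", pos, pos + MAX_LINE + 2)
    if end < 0:
        raise ChunkedError("line not terminated by CRLF")
    line = buf[pos:end]
    if b"\r" in line or b"\n" in line:
        raise ChunkedError("bare CR or LF in line")
    return line, end + 2


def decode_chunked(buf):
    """Decode one complete chunked body; return (payload, bytes_consumed)."""
    out, pos = bytearray(), 0
    while True:
        line, pos = read_line(buf, pos)
        m = SIZE_LINE.match(line)
        if m is None:
            raise ChunkedError("bad chunk-size line %r" % line)
        size = int(m.group(1), 16)
        if size == 0:
            break
        # The declared size must land exactly on the CRLF that closes the chunk.
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkedError("chunk data not followed by CRLF at declared size")
        out += buf[pos:pos + size]
        pos += size + 2
    while True:  # trailer section, ended by an empty line
        line, pos = read_line(buf, pos)
        if not line:
            return bytes(out), pos
        if TRAILER_LINE.match(line) is None:
            raise ChunkedError("bad trailer line %r" % line)
```

The returned `bytes_consumed` is the offset at which the next message on the connection begins, which is the value a proxy and its upstream must agree on.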