Information on source package squid

Available versions

ReleaseVersion
buster4.6-1+deb10u10
bullseye4.13-10+deb11u3
bookworm5.7-2+deb12u2
trixie6.12-1
sid6.12-1

Open issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2024-45802vulnerablevulnerablevulnerable (no DSA)fixedfixedSquid is an open source caching proxy for the Web supporting HTTP, HTT ...
CVE-2024-37894vulnerablevulnerablefixedfixedfixedSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...
CVE-2024-25617vulnerablefixedfixedfixedfixedSquid is an open source caching proxy for the Web supporting HTTP, HTT ...
CVE-2024-25111vulnerablevulnerablefixedfixedfixedSquid is a web proxy cache. Starting in version 3.5.27 and prior to ve ...
CVE-2024-23638vulnerablefixedfixedfixedfixedSquid is a caching proxy for the Web. Due to an expired pointer refere ...
CVE-2023-49288vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...
CVE-2023-46728vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...
CVE-2023-5824fixedvulnerable (no DSA, ignored)vulnerable (no DSA, ignored)fixedfixedA flaw was found in Squid. The limits applied for validation of HTTP r ...

Open unimportant issues

BugbusterbullseyebookwormtrixiesidDescription
CVE-2020-14058vulnerablefixedfixedfixedfixedAn issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...
CVE-2020-8517vulnerablefixedfixedfixedfixedAn issue was discovered in Squid before 4.10. Due to incorrect input v ...
CVE-2019-12522vulnerablevulnerablevulnerablevulnerablevulnerableAn issue was discovered in Squid through 4.7. When Squid is run as roo ...

Resolved issues

BugDescription
TEMP-0000000-F99584"slowloris" denial-of-service vulnerability in webservers
CVE-2023-50269Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion ...
CVE-2023-49286Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...
CVE-2023-49285Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...
CVE-2023-46848Squid is vulnerable to Denial of Service, where a remote attacker can ...
CVE-2023-46847Squid is vulnerable to a Denial of Service, where a remote attacker c ...
CVE-2023-46846SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...
CVE-2023-46724Squid is a caching proxy for the Web. Due to an Improper Validation of ...
CVE-2022-41318A buffer over-read was discovered in libntlmauth in Squid 2.5 through ...
CVE-2022-41317An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5. ...
CVE-2021-46784In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due ...
CVE-2021-41611An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When ...
CVE-2021-33620Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...
CVE-2021-31808An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...
CVE-2021-31807An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An ...
CVE-2021-31806An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...
CVE-2021-28662An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. ...
CVE-2021-28652An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...
CVE-2021-28651An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...
CVE-2021-28116Squid through 4.14 and 5.x through 5.0.5, in some configurations, allo ...
CVE-2020-25097An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. D ...
CVE-2020-24606Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...
CVE-2020-15811An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...
CVE-2020-15810An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...
CVE-2020-15049An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...
CVE-2020-14059An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect ...
CVE-2020-11945An issue was discovered in Squid before 5.0.2. A remote attacker can r ...
CVE-2020-8450An issue was discovered in Squid before 4.10. Due to incorrect buffer ...
CVE-2020-8449An issue was discovered in Squid before 4.10. Due to incorrect input v ...
CVE-2019-18860Squid before 4.9, when certain web browsers are used, mishandles HTML ...
CVE-2019-18679An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to ...
CVE-2019-18678An issue was discovered in Squid 3.x and 4.x through 4.8. It allows at ...
CVE-2019-18677An issue was discovered in Squid 3.x and 4.x through 4.8 when the appe ...
CVE-2019-18676An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incor ...
CVE-2019-13345The cachemgr.cgi web module of Squid through 4.7 has XSS via the user_ ...
CVE-2019-12854Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4. ...
CVE-2019-12529An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...
CVE-2019-12528An issue was discovered in Squid before 4.10. It allows a crafted FTP ...
CVE-2019-12527An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...
CVE-2019-12526An issue was discovered in Squid before 4.9. URN response handling in ...
CVE-2019-12525An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through ...
CVE-2019-12524An issue was discovered in Squid through 4.7. When handling requests f ...
CVE-2019-12523An issue was discovered in Squid before 4.9. When handling a URN reque ...
CVE-2019-12521An issue was discovered in Squid through 4.7. When Squid is parsing ES ...
CVE-2019-12520An issue was discovered in Squid through 4.7 and 5. When receiving a r ...
CVE-2019-12519An issue was discovered in Squid through 4.7. When handling the tag es ...
CVE-2019-3688The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...
CVE-2018-1000027The Squid Software Foundation Squid HTTP Caching Proxy version prior t ...
CVE-2018-1000024The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to ...
CVE-2018-19132Squid before 4.4, when SNMP is enabled, allows a denial of service (Me ...
CVE-2018-19131Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S ...
CVE-2018-1172This vulnerability allows remote attackers to deny service on vulnerab ...
CVE-2016-4556Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...
CVE-2016-4555client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.1 ...
CVE-2016-4554mime_header.cc in Squid before 3.5.18 allows remote attackers to bypas ...
CVE-2016-4553client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not p ...
CVE-2016-4054Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...
CVE-2016-4053Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...
CVE-2016-4052Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4 ...
CVE-2016-4051Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4 ...
CVE-2016-3948Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ...
CVE-2016-3947Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.c ...
CVE-2016-2572http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after ...
CVE-2016-2571http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with ...
CVE-2016-2570The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...
CVE-2016-2569Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...
CVE-2016-2390The FwdState::connectedToPeer method in FwdState.cc in Squid before 3. ...
CVE-2015-5400Squid before 3.5.6 does not properly handle CONNECT method peer respon ...
CVE-2015-3455Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, a ...
CVE-2015-0881CRLF injection vulnerability in Squid before 3.1.1 allows remote attac ...
CVE-2014-9749Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest auth ...
CVE-2014-7142The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...
CVE-2014-7141The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...
CVE-2014-6270Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squi ...
CVE-2014-3609HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allo ...
CVE-2014-0128Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled ...
CVE-2013-4123client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3 ...
CVE-2013-4115Buffer overflow in the idnsALookup function in dns_internal.cc in Squi ...
CVE-2013-0189cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and oth ...
CVE-2012-5643Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2. ...
CVE-2011-3205Buffer overflow in the gopherToHTML function in gopher.cc in the Gophe ...
CVE-2010-3072The string-comparison functions in String.cci in Squid 3.x before 3.1. ...
CVE-2010-0639The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.ST ...
CVE-2010-0308lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...
CVE-2009-2855The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allo ...
CVE-2009-2622Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote ...
CVE-2009-2621Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not prope ...
CVE-2009-0801Squid, when transparent interception mode is enabled, uses the HTTP Ho ...
CVE-2009-0478Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allo ...
CVE-2008-1612The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows at ...
CVE-2007-6239The "cache update reply processing" functionality in Squid 2.x before ...
CVE-2007-1560The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...
CVE-2007-0248The aclMatchExternal function in Squid before 2.6.STABLE7 allows remot ...
CVE-2007-0247squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...
CVE-2005-3322Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote att ...
CVE-2005-3258The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ear ...
CVE-2005-2917Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...
CVE-2005-2796The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ear ...
CVE-2005-2794store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to c ...
CVE-2005-1519Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...
CVE-2005-1345Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it i ...
CVE-2005-0718Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denia ...
CVE-2005-0626Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Net ...
CVE-2005-0446Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denia ...
CVE-2005-0241The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 an ...
CVE-2005-0211Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remot ...
CVE-2005-0194Squid 2.5, when processing the configuration file, parses empty Access ...
CVE-2005-0175Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cach ...
CVE-2005-0174Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cach ...
CVE-2005-0173squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated u ...
CVE-2005-0097The NTLM component in Squid 2.5.STABLE7 and earlier allows remote atta ...
CVE-2005-0096Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...
CVE-2005-0095The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...
CVE-2005-0094Buffer overflow in the gopherToHTML function in the Gopher reply parse ...
CVE-2004-2654The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...
CVE-2004-2480Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass se ...
CVE-2004-2479Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensi ...
CVE-2004-0918The asn_parse_header function (asn1.c) in the SNMP module for Squid We ...
CVE-2004-0832The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2 ...
CVE-2004-0541Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...
CVE-2004-0189The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...
CVE-2002-0916Format string vulnerability in the allowuser code for the Stellar-X ms ...
CVE-2002-0735Format string vulnerability in the logging() function in C-Note Squid ...
CVE-2002-0715Vulnerability in Squid before 2.4.STABLE6 related to proxy authenticat ...
CVE-2002-0714FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresse ...
CVE-2002-0713Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...
CVE-1999-0710The Squid package in Red Hat Linux 5.2 and 6.0, and other distribution ...

Security announcements

DSA / DLADescription
DSA-5751-1squid - security update
DSA-5637-1squid - security update
DLA-3709-2squid - regression update
DLA-3709-1squid - security update
DSA-5258-1squid - security update
DLA-3151-1squid - security update
DSA-5171-1squid - security update
DSA-4924-1squid - security update
DSA-4873-1squid - security update
DSA-4751-1squid - security update
DSA-4732-1squid - security update
DSA-4682-1squid - security update
DSA-4507-1squid - security update
DLA-1267-1squid - security update
DLA-558-1squid - security update
DLA-216-1squid - security update
DSA-3139-1squid - security update
DSA-1991-1squid squid3 - denial of service
DSA-1843-1squid3 - denial of service
DSA-1646-2squid - array bounds check
DSA-1482-1squid - programming error
DSA-809-3squid - assertion error
DSA-828-1squid - several
DSA-809-1squid - several
DSA-751-1squid - IP spoofing
DSA-721-1squid - design flaw
DSA-688-1squid - mising input sanitising
DSA-667-1squid - several
DSA-651-1squid - buffer overflow, integer overflow
DSA-576-1squid - multiple
DSA-474squid - ACL bypass

Search for package or bug name: Reporting problems