Mandriva Linux Security Advisory 2015-103 - Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled. Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service. Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer. Due to incorrect bounds checking Squid pinger binary is vulnerable to denial of service or information leak attack when processing larger than normal ICMP or ICMPv6 packets. Due to incorrect input validation Squid pinger binary is vulnerable to denial of service or information leak attacks when processing ICMP or ICMPv6 packets.
b3a7102719ad1db82c04532795f87002757f84b9b74f8c08a14cd808e53dcbcc
Mandriva Linux Security Advisory 2014-177 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.
b82575a60b78927a2527d7d736bd33e786fdb5722f3d6b19aae93004a8044b8f
Red Hat Security Advisory 2014-1147-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.
250909c1e9c114e640035794e8801256d3ff095d6456107301a6399c233f70ec
Red Hat Security Advisory 2014-1148-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. A flaw was found in the way Squid handled malformed HTTP Range headers. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid. A buffer overflow flaw was found in Squid's DNS lookup module. A remote attacker able to send HTTP requests to the Squid proxy could use this flaw to crash Squid.
00566e1dd4883a27e81e93827ef180964178270616fea21292642adcff3f8d59
Debian Linux Security Advisory 3014-1 - Matthew Daley discovered that Squid3, a fully featured web proxy cache, did not properly perform input validation in request parsing. A remote attacker could use this flaw to mount a denial of service by sending crafted Range requests.
5e351a1d139585fb9520a9884e38270f9aa23af5afaf97f0010e61ce08fc9064
Ubuntu Security Notice 2327-1 - Matthew Daley discovered that Squid 3 did not properly perform input validation in request parsing. A remote attacker could send crafted Range requests to cause a denial of service.
916e29698c752224a8cbb7a9c77d542b4db061a30ba237e61be04fcc7764a84f