Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: squid

Found 4 matching suggestions

View:
Compact
Detailed
Permalink CVE-2023-46848
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Squid: denial of service in ftp

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

References

Affected products

squid
  • *
  • <6.4
  • ==6.4
squid:4/squid

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-46846
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 6 months ago
Squid: request/response smuggling in http/1.1 and icap

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

References

Affected products

squid
  • *
  • <6.4
  • ==6.4
squid34
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-5824
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months ago
Squid: dos against http and https

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

References

Affected products

squid
  • *
  • ==6.4
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable -

Package maintainers

Permalink CVE-2023-46847
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
updated 1 month, 2 weeks ago by @jopejoe1 Activity log
  • Created automatic suggestion 6 months ago
  • @jopejoe1 removed
    3 packages
    • prometheus-squid-exporter
    • python312Packages.flyingsquid
    • python313Packages.flyingsquid
    1 month, 2 weeks ago
Squid: denial of service in http digest authentication

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

References

Affected products

squid
  • *
  • <6.4
  • ==6.4
squid34
  • *
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable -

Package maintainers