Alex Rousskov and Amit Klein discovered that Squid incorrectly handled certain Content-Length headers. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15049)
Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. (CVE-2020-15810)
Régis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. (CVE-2020-15811)
Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. (CVE-2020-24606)
{ "availability": "No subscription required", "binaries": [ { "squid": "3.5.12-1ubuntu7.15", "squid-dbg": "3.5.12-1ubuntu7.15", "squid-common": "3.5.12-1ubuntu7.15", "squid-cgi": "3.5.12-1ubuntu7.15", "squidclient": "3.5.12-1ubuntu7.15", "squid-purge": "3.5.12-1ubuntu7.15", "squid-cgi-dbgsym": "3.5.12-1ubuntu7.15", "squid3": "3.5.12-1ubuntu7.15", "squidclient-dbgsym": "3.5.12-1ubuntu7.15", "squid-dbgsym": "3.5.12-1ubuntu7.15", "squid-purge-dbgsym": "3.5.12-1ubuntu7.15" } ] }
{ "availability": "No subscription required", "binaries": [ { "squid": "3.5.27-1ubuntu1.9", "squid-dbg": "3.5.27-1ubuntu1.9", "squid-common": "3.5.27-1ubuntu1.9", "squid-cgi": "3.5.27-1ubuntu1.9", "squidclient": "3.5.27-1ubuntu1.9", "squid-purge": "3.5.27-1ubuntu1.9", "squid3": "3.5.27-1ubuntu1.9" } ] }