Package details: pkg:deb/debian/squid3@3.4.8-6
purl pkg:deb/debian/squid3@3.4.8-6
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 1.4
Vulnerabilities affecting this package (14)
Vulnerability Summary Fixed by
VCID-2fq8-mupa-gfc9
Aliases:
CVE-2016-4054
Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-2zct-5w44-gkag
Aliases:
CVE-2016-4053
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-4238-kt68-byew
Aliases:
CVE-2016-4052
Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-5f1a-x42j-eqhg
Aliases:
CVE-2015-5400
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request.
3.4.8-6+deb8u2~bpo70+1
Affected by 13 other vulnerabilities.
VCID-c1s2-z4na-afbf
Aliases:
CVE-2016-4553
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-dzv1-2tmp-37hz
Aliases:
CVE-2016-10002
squid: Information disclosure in HTTP request processing
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-kks8-56y6-6kew
Aliases:
CVE-2018-1000024
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via a remote server delivering an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later.
3.5.23-5+deb9u1
Affected by 0 other vulnerabilities.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-kqba-yqhn-hbav
Aliases:
CVE-2016-4554
mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-n33d-b5uw-1yf2
Aliases:
CVE-2016-4051
Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-pswa-8aa8-ukhw
Aliases:
CVE-2016-2571
http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-qajc-u4gq-vfbf
Aliases:
CVE-2016-4556
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-tr27-d4mz-yydt
Aliases:
CVE-2016-3948
Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-vtfj-m8fv-67fz
Aliases:
CVE-2018-1000027
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via a remote HTTP server responding with an X-Forwarded-For header to certain types of HTTP request. This vulnerability appears to have been fixed in 4.0.23 and later.
3.5.23-5+deb9u1
Affected by 0 other vulnerabilities.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
VCID-x6a1-9sht-uueb
Aliases:
CVE-2016-4555
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses.
3.4.8-6+deb8u5
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T22:43:09.764502+00:00 Debian Oval Importer Affected by VCID-kks8-56y6-6kew https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.6.0
2026-06-05T22:10:53.433923+00:00 Debian Oval Importer Affected by VCID-vtfj-m8fv-67fz https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 38.6.0
2026-06-05T22:09:26.560697+00:00 Debian Oval Importer Affected by VCID-2zct-5w44-gkag https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T22:03:57.431950+00:00 Debian Oval Importer Affected by VCID-kks8-56y6-6kew https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:58:21.972197+00:00 Debian Oval Importer Affected by VCID-kqba-yqhn-hbav https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:58:18.098374+00:00 Debian Oval Importer Affected by VCID-2fq8-mupa-gfc9 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:55:55.469892+00:00 Debian Oval Importer Affected by VCID-n33d-b5uw-1yf2 https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:54:44.427556+00:00 Debian Oval Importer Affected by VCID-vtfj-m8fv-67fz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:51:18.400464+00:00 Debian Oval Importer Affected by VCID-5f1a-x42j-eqhg https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:51:14.412504+00:00 Debian Oval Importer Affected by VCID-dzv1-2tmp-37hz https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:45:17.825717+00:00 Debian Oval Importer Affected by VCID-x6a1-9sht-uueb https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:41:37.053152+00:00 Debian Oval Importer Affected by VCID-qajc-u4gq-vfbf https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-05T21:40:34.141819+00:00 Debian Oval Importer Affected by VCID-tr27-d4mz-yydt https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:48:14.874639+00:00 Debian Oval Importer Affected by VCID-pswa-8aa8-ukhw https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:40:06.419614+00:00 Debian Oval Importer Affected by VCID-c1s2-z4na-afbf https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0
2026-06-04T20:38:29.135614+00:00 Debian Oval Importer Affected by VCID-4238-kt68-byew https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 38.6.0