VulnerableCode Package Details - pkg:ebuild/net-proxy/squid@3.2.13

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3taj-51kh-vkgf	squid: Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record	CVE-2011-4096
VCID-8rur-rbfr-gubm	cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.	CVE-2013-0189
VCID-cm1z-h9k2-rkgx	Squid: strHdrAcptLangGetItem() infinite CPU loop	CVE-2013-1839
VCID-ddm4-j52m-efcy	Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.	CVE-2009-0801
VCID-phqh-ares-pqf8	client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.	CVE-2013-4123
VCID-pq9r-bdfx-vqb8	Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.	CVE-2012-5643
VCID-zq3z-pce4-5udp	Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.	CVE-2013-4115

Vulnerability

Summary

Aliases

VCID-3taj-51kh-vkgf

squid: Invalid free by processing CNAME DNS record pointing to another CNAME record pointing to an empty A-record

CVE-2011-4096

VCID-8rur-rbfr-gubm

cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.

CVE-2013-0189

VCID-cm1z-h9k2-rkgx

Squid: strHdrAcptLangGetItem() infinite CPU loop

CVE-2013-1839

VCID-ddm4-j52m-efcy

Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.

CVE-2009-0801

VCID-phqh-ares-pqf8

client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.

CVE-2013-4123

VCID-pq9r-bdfx-vqb8

Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2 allow remote attackers to cause a denial of service (memory consumption) via (1) invalid Content-Length headers, (2) long POST requests, or (3) crafted authentication credentials.

CVE-2012-5643

VCID-zq3z-pce4-5udp

Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to cause a denial of service (memory corruption and server termination) via a long name in a DNS lookup request.

CVE-2013-4115

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T19:11:36.193708+00:00	Gentoo Importer	Fixing	VCID-phqh-ares-pqf8	https://security.gentoo.org/glsa/201309-22	38.6.0
2026-06-04T19:11:36.177888+00:00	Gentoo Importer	Fixing	VCID-zq3z-pce4-5udp	https://security.gentoo.org/glsa/201309-22	38.6.0
2026-06-04T19:11:36.161756+00:00	Gentoo Importer	Fixing	VCID-cm1z-h9k2-rkgx	https://security.gentoo.org/glsa/201309-22	38.6.0
2026-06-04T19:11:36.144999+00:00	Gentoo Importer	Fixing	VCID-8rur-rbfr-gubm	https://security.gentoo.org/glsa/201309-22	38.6.0
2026-06-04T19:11:36.128383+00:00	Gentoo Importer	Fixing	VCID-pq9r-bdfx-vqb8	https://security.gentoo.org/glsa/201309-22	38.6.0
2026-06-04T19:11:36.111106+00:00	Gentoo Importer	Fixing	VCID-3taj-51kh-vkgf	https://security.gentoo.org/glsa/201309-22	38.6.0
2026-06-04T19:11:36.094998+00:00	Gentoo Importer	Fixing	VCID-ddm4-j52m-efcy	https://security.gentoo.org/glsa/201309-22	38.6.0