Package details: pkg:ebuild/net-proxy/squid@3.5.19
purl pkg:ebuild/net-proxy/squid@3.5.19
Vulnerabilities affecting this package (0)
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (15)
Vulnerability Summary Aliases
VCID-2fq8-mupa-gfc9 Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. CVE-2016-4054
VCID-2zct-5w44-gkag Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization. CVE-2016-4053
VCID-4238-kt68-byew Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitrary code via crafted Edge Side Includes (ESI) responses. CVE-2016-4052
VCID-a579-pajq-hffz Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. CVE-2014-6270
VCID-c1s2-z4na-afbf client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request. CVE-2016-4553
VCID-jaew-wj9q-17fk Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers to cause a denial of service (performance degradation or transition failures) or write sensitive information to log files via an ICMPv6 packet. CVE-2016-3947
VCID-kqba-yqhn-hbav mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue. CVE-2016-4554
VCID-n33d-b5uw-1yf2 Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbitrary code by seeding manager reports with crafted data. CVE-2016-4051
VCID-pswa-8aa8-ukhw http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. CVE-2016-2571
VCID-ptb8-53q8-gfad The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h. CVE-2016-2570
VCID-qajc-u4gq-vfbf Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. CVE-2016-4556
VCID-tr27-d4mz-yydt Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. CVE-2016-3948
VCID-x6a1-9sht-uueb client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includes (ESI) responses. CVE-2016-4555
VCID-z9fz-nr3a-vqar Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header. CVE-2016-2569
VCID-ztr3-ygr2-ffbf http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response. CVE-2016-2572

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T17:27:30.481327+00:00 Gentoo Importer Fixing VCID-qajc-u4gq-vfbf https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.463728+00:00 Gentoo Importer Fixing VCID-x6a1-9sht-uueb https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.446259+00:00 Gentoo Importer Fixing VCID-kqba-yqhn-hbav https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.428500+00:00 Gentoo Importer Fixing VCID-c1s2-z4na-afbf https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.409990+00:00 Gentoo Importer Fixing VCID-2fq8-mupa-gfc9 https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.392855+00:00 Gentoo Importer Fixing VCID-2zct-5w44-gkag https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.375748+00:00 Gentoo Importer Fixing VCID-4238-kt68-byew https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.357865+00:00 Gentoo Importer Fixing VCID-n33d-b5uw-1yf2 https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.339732+00:00 Gentoo Importer Fixing VCID-tr27-d4mz-yydt https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.321407+00:00 Gentoo Importer Fixing VCID-jaew-wj9q-17fk https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.288165+00:00 Gentoo Importer Fixing VCID-ztr3-ygr2-ffbf https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.255745+00:00 Gentoo Importer Fixing VCID-pswa-8aa8-ukhw https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.221476+00:00 Gentoo Importer Fixing VCID-ptb8-53q8-gfad https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.188371+00:00 Gentoo Importer Fixing VCID-z9fz-nr3a-vqar https://security.gentoo.org/glsa/201607-01 38.6.0
2026-06-05T17:27:30.153788+00:00 Gentoo Importer Fixing VCID-a579-pajq-hffz https://security.gentoo.org/glsa/201607-01 38.6.0