FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567244
Date:      2021-03-03
Time:      18:18:08Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d5b6d151-1887-11e8-94f7-9c5c8e75236a	squid -- Vulnerable to Denial of Service attack Louis Dion-Marcil reports: Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue. This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem. Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates. This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service. Discovery 2017-12-13 Entry 2018-02-23 squid lt 3.5.27_3 squid-devel lt 4.0.23 http://www.squid-cache.org/Advisories/SQUID-2018_1.txt http://www.squid-cache.org/Advisories/SQUID-2018_2.txt CVE-2018-1000024 CVE-2018-1000027 https://www.debian.org/security/2018/dsa-4122 ports/226138
620685d6-0aa3-11ea-9673-4c72b94353b5	squid -- Vulnerable to HTTP Digest Authentication Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. Discovery 2019-11-05 Entry 2019-11-19 squid lt 4.9 http://www.squid-cache.org/Advisories/SQUID-2019_11.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679 CVE-2019-18679
57c1c2ee-7914-11ea-90bf-0800276545c1	Squid -- multiple vulnerabilities The Squid developers reports: Improper Input Validation issues in HTTP Request processing (CVE-2020-8449, CVE-2020-8450). Information Disclosure issue in FTP Gateway (CVE-2019-12528). Buffer Overflow issue in ext_lm_group_acl helper (CVE-2020-8517). Discovery 2020-02-10 Entry 2020-04-07 squid lt 4.10 http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html https://nvd.nist.gov/vuln/detail/CVE-2020-8449 https://nvd.nist.gov/vuln/detail/CVE-2020-8450 https://nvd.nist.gov/vuln/detail/CVE-2019-12528 https://nvd.nist.gov/vuln/detail/CVE-2020-8517 CVE-2020-8449 CVE-2020-8450 CVE-2019-12528 CVE-2020-8517 ports/244026

VuXML ID

Description

d5b6d151-1887-11e8-94f7-9c5c8e75236a

squid -- Vulnerable to Denial of Service attack

Louis Dion-Marcil reports:

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses.

This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service.

Due to unrelated changes Squid-3.5 has become vulnerable to some regular ESI server responses also triggering this issue.

This problem is limited to the Squid custom ESI parser. Squid built to use libxml2 or libexpat XML parsers do not have this problem.

Due to incorrect pointer handling Squid is vulnerable to denial of service attack when processing ESI responses or downloading intermediate CA certificates.

This problem allows a remote client delivering certain HTTP requests in conjunction with certain trusted server responses to trigger a denial of service for all clients accessing the Squid service.

Discovery 2017-12-13
Entry 2018-02-23
squid

lt 3.5.27_3

squid-devel

lt 4.0.23

http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024
CVE-2018-1000027
https://www.debian.org/security/2018/dsa-4122
ports/226138

620685d6-0aa3-11ea-9673-4c72b94353b5

squid -- Vulnerable to HTTP Digest Authentication

Squid Team reports:

Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication.

Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

Discovery 2019-11-05
Entry 2019-11-19
squid

lt 4.9

http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18679
CVE-2019-18679

57c1c2ee-7914-11ea-90bf-0800276545c1

Squid -- multiple vulnerabilities

The Squid developers reports:

Improper Input Validation issues in HTTP Request processing (CVE-2020-8449, CVE-2020-8450).

Information Disclosure issue in FTP Gateway (CVE-2019-12528).

Buffer Overflow issue in ext_lm_group_acl helper (CVE-2020-8517).

Discovery 2020-02-10
Entry 2020-04-07
squid

lt 4.10

http://lists.squid-cache.org/pipermail/squid-announce/2020-February/000107.html
https://nvd.nist.gov/vuln/detail/CVE-2020-8449
https://nvd.nist.gov/vuln/detail/CVE-2020-8450
https://nvd.nist.gov/vuln/detail/CVE-2019-12528
https://nvd.nist.gov/vuln/detail/CVE-2020-8517
CVE-2020-8449
CVE-2020-8450
CVE-2019-12528
CVE-2020-8517
ports/244026