squid: Multiple issues (CVE-2020-15810, CVE-2020-15811, CVE-2020-24606)
CVE-2020-15810: HTTP Request Smuggling could result in cache poisoning
Due to incorrect data validation Squid is vulnerable to HTTP Request Smuggling attacks against HTTP and HTTPS traffic. This leads to cache poisoning.
Affected Versions: 2.5-3.5.28, 4.0-4.12, 5.0.1-5.0.3
Fixed Versions: 4.13, 5.0.4
Reference:
https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
Patch:
https://github.com/squid-cache/squid/commit/9c8e2a71aa1d3c159a319d9365c346c48dc783a5
CVE-2020-15811: HTTP Request Splitting could result in cache poisoning
Due to incorrect data validation Squid is vulnerable to HTTP Request Splitting attacks against HTTP and HTTPS traffic. This leads to cache poisoning.
Affected Versions: 2.7-3.5.28, 4.0-4.12, 5.0.1-5.0.3
Fixed Versions: 4.13, 5.0.4
Reference:
https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
Patch:
https://github.com/squid-cache/squid/commit/fd68382860633aca92065e6c343cfd1b12b126e7
CVE-2020-24606: Improper Input Validation could result in a DoS
Due to Improper Input Validation Squid is vulnerable to a Denial of Service attack against the machine operating Squid.
Affected Versions: 3.0-4.12, 5.0.1-5.0.3
Fixed Versions: 4.13, 5.0.4
Reference:
https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg