Carding 4 Carders
The results of an independent security audit of the Squid open source caching proxy server, conducted in 2021, have been published. The review of the project's code base identified 55 vulnerabilities, 35 of which have not yet been fixed by the developers (0-day). The Squid developers were notified of the problems two and a half years ago, but they still have not finished fixing them. Ultimately, the author of the audit decided to disclose the information without waiting for all the problems to be fixed, and notified the Squid developers in advance.
Among the identified vulnerabilities:
* Stack overflow in the implementation of Digest Authentication, which occurs when processing an HTTP Proxy-Authorization header with an overly large value in the "Digest nc" field.
* Use-after-free in the handler for requests with the TRACE method.
* Use-after-free when processing HTTP requests with the "Range" header (CVE-2021-31807).
* Stack overflow when processing the X-Forwarded-For HTTP header.
* Stack overflow when processing chunked requests.
* Use-after-free in the CacheManager web interface.
* Integer overflow in the Range HTTP header handler (CVE-2021-31808).
* Use-after-free and buffer overflow in the ESI (Edge Side Includes) expression handler.
* Multiple memory leaks, read buffer overruns, and problems leading to crashes.