CVE-2026-33515

Medium CVSS: 6.9

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Vendor

Squid-cache

Product

Squid

CWE

CWE-125

Yayın Tarihi

2026-03-26 01:16:27

Güncelleme

2026-03-31 01:22:04

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-125 Squid MEDIUM Squid-cache 2026

Referanslar

https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165 https://github.com/squid-cache/squid/pull/2220 https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637 https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c http://www.openwall.com/lists/oss-security/2026/03/25/4

Benzer Kayıtlar

Critical

CVE-2026-33526

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of…

High

CVE-2026-32748

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetim…

Critical

CVE-2025-62168

Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credential…

Medium

CVE-2025-59362

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.

Critical

CVE-2025-54574

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possi…