Debian Squid vulnerabilities

CVE-2026-33526 [CRITICAL] CVE-2026-33526: squid - Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-Afte... Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enab

CVE-2026-32748 [HIGH] CVE-2026-32748: squid - Squid is a caching proxy for the Web. Prior to version 7.5, due to premature rel... Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This

CVE-2026-33515 [MEDIUM] CVE-2026-33515: squid - Squid is a caching proxy for the Web. Prior to version 7.5, due to improper inpu... Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid de

CVE-2025-54574 [CRITICAL] CVE-2025-54574: squid - Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulner... Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions. Scope: local bookworm: resolved (fixed in 5.7-2+deb12u3) bulls

CVE-2025-62168 [CRITICAL] CVE-2025-62168: squid - Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure ... Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify secur

CVE-2025-21311 [CRITICAL] CVE-2025-21311: squid - Windows NTLM V1 Elevation of Privilege Vulnerability Windows NTLM V1 Elevation of Privilege Vulnerability Scope: local bookworm: open bullseye: open forky: resolved (fixed in 7.1-1) sid: resolved (fixed in 7.1-1) trixie: open

CVE-2025-59362 [MEDIUM] CVE-2025-59362: squid - Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in as... Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. Scope: local bookworm: resolved (fixed in 5.7-2+deb12u5) bullseye: resolved (fixed in 4.13-10+deb11u6) forky: resolved (fixed in 7.2-1) sid: resolved (fixed in 7.2-1) trixie: resolved (fixed in 6.13-2+deb13u1)

CVE-2024-25111 [HIGH] CVE-2024-25111: squid - Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8,... Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addit

CVE-2024-45802 [HIGH] CVE-2024-45802: squid - Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, a... Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the defaul

CVE-2024-25617 [MEDIUM] CVE-2024-25617: squid - Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, a... Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of

CVE-2024-37894 [MEDIUM] CVE-2024-37894: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due ... Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. Scope: local bookworm: resolved (fixed in 5.7-2+deb12u2) bullseye: resolved (fixed in 4.13-10+deb11u4) forky: resolved (fixe

CVE-2024-23638 [MEDIUM] CVE-2024-23638: squid - Squid is a caching proxy for the Web. Due to an expired pointer reference bug, S... Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be

CVE-2023-46846 [CRITICAL] CVE-2023-46846: squid - SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenienc... SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Scope: local bookworm: resolved (fixed in 5.7-2+deb12u1) bullseye: resolved (fixed in 4.13-10+deb11u3) forky: resolved (fixed in 6.5-1) sid: resolved (fixed in 6.5-1) trixie:

CVE-2023-49288 [HIGH] CVE-2023-49288: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affe... Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off

CVE-2023-50269 [HIGH] CVE-2023-50269: squid - Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in ve... Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header wh

CVE-2023-5824 [HIGH] CVE-2023-5824: squid - A flaw was found in Squid. The limits applied for validation of HTTP response he... A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service. Scope: local bookworm: resolved (

CVE-2023-49286 [HIGH] CVE-2023-49286: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due ... Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Scope: local bookworm: re

CVE-2023-46728 [HIGH] CVE-2023-46728: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due ... Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even thos

CVE-2023-49285 [HIGH] CVE-2023-49285: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due ... Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. Scope: local bookworm: resolved (fixed in 5.7-2+deb

CVE-2023-46724 [HIGH] CVE-2023-46724: squid - Squid is a caching proxy for the Web. Due to an Improper Validation of Specified... Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Hand