cvebase

Squid-Cache Squid vulnerabilities

109 known vulnerabilities affecting squid-cache/squid.

Total CVEs: 109
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 51, MEDIUM 49, LOW 2

Vulnerabilities

Page 1 of 6
CVE-2025-62168 | P2 | HIGH | CVSS 7.5 | PoC | fixed in 7.2 | 2025-10-17
CVE-2025-62168 [HIGH] CWE-209: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to i
Source: NVD
CVE-2021-31806 | P2 | MEDIUM | CVSS 6.5 | PoC | fixed in 4.15 | ≥ 5.0, < 5.0.6 | 2021-05-27
CVE-2021-31806 [MEDIUM] CWE-116: An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
Source: NVD
CVE-2025-54574 | P2 | CRITICAL | CVSS 9.8 | fixed in 6.4 | 2025-08-01
CVE-2025-54574 [CRITICAL] CWE-122: Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
Source: NVD
CVE-2020-11945 | P2 | CRITICAL | CVSS 9.8 | ≥ 3.0, ≤ 3.5.28 | ≥ 4.0, < 4.11 | +1 more | 2020-04-23
CVE-2020-11945 [CRITICAL] CWE-190: An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead o
Source: NVD
CVE-2016-4054 | P2 | HIGH | CVSS 8.1 | v3.0 | v3.1 | +138 more | 2016-04-25
CVE-2016-4054 [HIGH] CWE-119: Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses.
Source: NVD
CVE-2023-46847 | P2 | HIGH | CVSS 7.5 | ≥ 3.2.0.1, < 6.4 | 2023-11-03
CVE-2023-46847 [HIGH] CWE-120: Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Source: NVD
CVE-2013-4123 | P3 | MEDIUM | CVSS 5.0 | PoC | v3.3.0 | v3.3.0.2 | +39 more | 2013-09-16
CVE-2013-4123 [MEDIUM] CWE-20: client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in an HTTP Host header.
Source: NVD
CVE-2023-49285 | P2 | HIGH | CVSS 7.5 | ≤ 6.4 | v>= 2.2, < 6.5 | 2023-12-04
CVE-2023-49285 [HIGH] CWE-126: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: NVD
CVE-2016-4553 | P2 | HIGH | CVSS 8.6 | ≤ 3.5.17 | v4.0.1 | +8 more | 2016-05-10
CVE-2016-4553 [HIGH] CWE-345: client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
Source: NVD
CVE-2024-25617 | P2 | HIGH | CVSS 7.5 | ≥ 3.0, < 6.5 | fixed in 6.5 | 2024-02-14
CVE-2024-25617 [HIGH] CWE-182: Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages.
Source: NVD
CVE-2020-8450 | P2 | HIGH | CVSS 7.3 | fixed in 4.10 | 2020-02-04
CVE-2020-8450 [HIGH] CWE-131: An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.
Source: NVD
CVE-2019-12527 | P2 | HIGH | CVSS 8.8 | ≥ 4.0.23, ≤ 4.7 | 2019-07-11
CVE-2019-12527 [HIGH] CWE-787: An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
Source: NVD
CVE-2021-31807 | P3 | MEDIUM | CVSS 6.5 | PoC | ≥ 3.0, < 4.15 | ≥ 5.0, < 5.0.6 | +15 more | 2021-06-08
CVE-2021-31807 [MEDIUM] CWE-190: An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent.
Source: NVD
CVE-2019-12525 | P2 | CRITICAL | CVSS 9.8 | ≥ 3.3.9, ≤ 3.5.28 | ≥ 4.0, ≤ 4.7 | 2019-07-11
CVE-2019-12525 [CRITICAL] CWE-787: An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length m
Source: NVD
CVE-2023-50269 | P3 | HIGH | CVSS 7.5 | ≥ 3.1, ≤ 5.9 | ≥ 6.0.1, ≤ 6.5 | +5 more | 2023-12-14
CVE-2023-50269 [HIGH] CWE-674: Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwar
Source: NVD
CVE-2024-25111 | P3 | HIGH | CVSS 7.5 | ≥ 3.5.27, < 6.8 | v>= 3.5.27, < 6.8 | 2024-03-06
CVE-2024-25111 [HIGH] CWE-674: Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid vers
Source: NVD
CVE-2019-12526 | P2 | CRITICAL | CVSS 9.8 | ≥ 3.0, ≤ 3.5.28 | ≥ 4.0, ≤ 4.8 | 2019-11-26
CVE-2019-12526 [CRITICAL] CWE-787: An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.
Source: NVD
CVE-2016-4554 | P2 | HIGH | CVSS 8.6 | ≤ 3.5.17 | 2016-05-10
CVE-2016-4554 [HIGH] CWE-345: mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a crafted HTTP Host header, aka a "header smuggling" issue.
Source: NVD
CVE-2024-45802 | P3 | HIGH | CVSS 7.5 | ≥ 3.0, < 6.10 | v>= 3.0, < 6.10 | 2024-10-28
CVE-2024-45802 [HIGH] CWE-20: Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fix
Source: NVD
CVE-2019-18679 | P3 | HIGH | CVSS 7.5 | ≥ 2.0, ≤ 2.7 | ≥ 3.0, ≤ 3.5.28 | +2 more | 2019-11-26
CVE-2019-18679 [HIGH] CWE-200: An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating
Source: NVD