Squid-Cache Squid vulnerabilities
109 known vulnerabilities affecting squid-cache/squid.
Total CVEs: 109
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 51, MEDIUM 49, LOW 2
Vulnerabilities
Page 3 of 6
CVE-2026-32748 | P3 | HIGH | CVSS 7.5 | CWE-413 | fixed in 7.5 | published 2026-03-26
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using I
Source: nvd
CVE-2020-8449 | P3 | HIGH | CVSS 7.5 | CWE-668 | fixed in 4.10 | published 2020-02-04
An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways to access server resources prohibited by earlier security filters.
Source: nvd
CVE-2022-41318 | P3 | HIGH | CVSS 8.6 | CWE-190 | affected ≥ 2.5, < 5.7 | published 2022-12-25
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
Source: nvd
CVE-2019-18676 | P3 | HIGH | CVSS 7.5 | CWE-787 | affected ≥ 3.0, ≤ 3.5.28; ≥ 4.0, ≤ 4.8 | published 2019-11-26
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform
Source: nvd
CVE-2019-12528 | P3 | HIGH | CVSS 7.5 | fixed in 4.10 | published 2020-02-04
An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
Source: nvd
CVE-2023-49286 | P3 | HIGH | CVSS 7.5 | CWE-253 | affected ≤ 6.4, fixed in 6.5 | published 2023-12-04
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: nvd
CVE-2016-4556 | P3 | HIGH | CVSS 7.5 | affected v3.0, v3.1, +140 more | published 2016-05-10
Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response.
Source: nvd
CVE-2023-46848 | P3 | HIGH | CVSS 7.5 | CWE-681 | affected ≥ 5.0.3, < 6.4 | published 2023-11-03
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Source: nvd
CVE-2010-3072 | P3 | MEDIUM | CVSS 5.0 | affected v3.0, v3.0.stable1, +51 more | published 2010-09-20
The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
Source: nvd
CVE-2016-10002 | P3 | HIGH | CVSS 7.5 | CWE-200 | affected v3.1.10, v3.1.11, +119 more | published 2017-01-27
Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information.
Source: nvd
CVE-2019-12854 | P3 | HIGH | CVSS 7.5 | affected ≥ 4.0, ≤ 4.7 | published 2019-08-15
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
Source: nvd
CVE-2023-49288 | P3 | HIGH | CVSS 7.5 | CWE-416 | affected ≥ 3.5, ≤ 5.9 (also listed as >= 3.5, < 6.0.1) | published 2023-12-04
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collaps
Source: nvd
CVE-2019-12520 | P3 | HIGH | CVSS 7.5 | CWE-20 | affected ≤ 4.7 | published 2020-04-15
An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it serves the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded i
Source: nvd
CVE-2009-2622 | P3 | MEDIUM | CVSS 5.0 | CWE-20 | affected v3.0, v3.1, +4 more | published 2009-07-28
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) "missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
Source: nvd
CVE-2018-1000027 | P3 | HIGH | CVSS 7.5 | CWE-476 | fixed in 4.0.23 | published 2018-02-09
The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in HTTP Response X-Forwarded-For header processing that can result in Denial of Service to all clients of the proxy. This attack appears to be exploitable via Remote HTTP server responding with an X-Forwarded-For
Source: nvd
CVE-2020-8517 | P3 | HIGH | CVSS 7.5 | CWE-20 | fixed in 4.10 | published 2020-02-04
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating
Source: nvd
CVE-2005-0211 | P3 | HIGH | CVSS 7.5 | CWE-119 | affected v2.5.stable1, v2.5.stable2, +4 more | published 2005-05-02
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
Source: nvd
CVE-2021-41611 | P3 | HIGH | CVSS 7.5 | CWE-295 | affected ≥ 5.0.6, < 5.2 | published 2021-10-18
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijack
Source: nvd
CVE-2018-1000024 | P3 | HIGH | CVSS 7.5 | affected ≥ 3.0, ≤ 3.5.27; ≥ 4.0, ≤ 4.0.22 | published 2018-02-09
The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. This attack appears to be exploitable via Remote server delivers an HTTP response payload containing valid but unusu
Source: nvd
CVE-2014-3609 | P3 | MEDIUM | CVSS 5.0 | CWE-20 | affected v3.1, v3.1.0.1, +86 more | published 2014-09-11
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."
Source: nvd
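A version-range triage script over the entries on this page, added here as an example; it is not code from the Squid project or from this listing site. The affected ranges are transcribed from the entries above (from the description text where an entry only shows version tags such as "v3.0, v3.1, +140 more"). It assumes that Squid release strings order correctly by their numeric components (so 2.5.STABLE7 sorts as 2.5.7), that squid.conf is line-based with "#" starting a comment, and that the "collapsed_forwarding on" precondition stated for CVE-2023-49288 is the only configuration gate worth modelling. The squid.conf fragment is constructed for the demo.

```python
"""Version-range triage against the Squid CVEs listed on this page.

Added example; not code from the Squid project or this listing.
Ranges are transcribed from the entries above. The version parser
is an assumption about Squid's release naming.
"""
import re
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """Reduce a Squid version string to a tuple of its numeric parts.

    Assumption: only the digits matter for ordering, so "2.5.STABLE7"
    becomes (2, 5, 7), "3.0.STABLE16" becomes (3, 0, 16), "4.0.22"
    becomes (4, 0, 22) and "4.10" becomes (4, 10). Python tuple
    comparison then orders them the way the advisories do.
    """
    return tuple(int(x) for x in re.findall(r"\d+", v))


@dataclass(frozen=True)
class Range:
    lo: str                      # inclusive lower bound ("0" = none)
    hi: str                      # upper bound
    hi_inclusive: bool = False   # True for "through X", False for "before X"

    def contains(self, version: str) -> bool:
        pv = parse_version(version)
        if pv < parse_version(self.lo):
            return False
        ph = parse_version(self.hi)
        return pv <= ph if self.hi_inclusive else pv < ph


# Transcribed from the entries on this page.
CVES = {
    "CVE-2026-32748": [Range("0", "7.5")],
    "CVE-2020-8449": [Range("0", "4.10")],
    "CVE-2022-41318": [Range("2.5", "5.7")],
    "CVE-2019-18676": [Range("3.0", "3.5.28", True), Range("4.0", "4.8", True)],
    "CVE-2019-12528": [Range("0", "4.10")],
    "CVE-2023-49286": [Range("0", "6.5")],
    "CVE-2016-4556": [Range("3.0", "3.5.18"), Range("4.0", "4.0.10")],
    "CVE-2023-46848": [Range("5.0.3", "6.4")],
    "CVE-2010-3072": [Range("3.0", "3.1.8"), Range("3.2", "3.2.0.2")],
    "CVE-2016-10002": [Range("3.1.10", "3.1.23", True),
                       Range("3.2.0.3", "3.5.22", True),
                       Range("4.0.1", "4.0.16", True)],
    "CVE-2019-12854": [Range("4.0", "4.7", True)],
    "CVE-2023-49288": [Range("3.5", "5.9", True)],  # needs collapsed_forwarding on
    "CVE-2019-12520": [Range("0", "4.7", True)],
    "CVE-2009-2622": [Range("3.0", "3.0.STABLE16", True), Range("3.1", "3.1.0.11", True)],
    "CVE-2018-1000027": [Range("0", "4.0.23")],
    "CVE-2020-8517": [Range("0", "4.10")],
    "CVE-2005-0211": [Range("2.5", "2.5.STABLE7")],
    "CVE-2021-41611": [Range("5.0.6", "5.2")],
    "CVE-2018-1000024": [Range("3.0", "3.5.27", True), Range("4.0", "4.0.22", True)],
    "CVE-2014-3609": [Range("3.0", "3.3.12"), Range("3.4", "3.4.6")],
}


def directive_value(conf: str, name: str):
    """Last value given to a squid.conf directive, ignoring '#' comments.

    Assumption: the config is line-based ("directive value ...") and a
    later occurrence of the same directive overrides an earlier one.
    """
    value = None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0] == name:
            value = parts[1].strip() if len(parts) > 1 else ""
    return value


def affecting(version: str, conf: str = "") -> list:
    """CVE IDs from this page whose range contains `version`, applying
    the "collapsed_forwarding on" precondition for CVE-2023-49288."""
    hits = []
    for cve, ranges in CVES.items():
        if not any(r.contains(version) for r in ranges):
            continue
        if cve == "CVE-2023-49288" and directive_value(conf, "collapsed_forwarding") != "on":
            continue
        hits.append(cve)
    return hits


# Constructed squid.conf fragment for the demo (not a real deployment).
SAMPLE_CONF = """\
http_port 3128
collapsed_forwarding on
cache_dir ufs /var/spool/squid 100 16 256
"""

if __name__ == "__main__":
    for v in ("3.5.27", "4.0.22", "4.9", "5.1", "6.4", "7.5"):
        print(v, affecting(v, SAMPLE_CONF))
```

Feed it the output of `squid -v` and the live squid.conf. Treat a hit as a prompt to read the advisory, not as proof of exposure: distribution packages routinely backport fixes while keeping the upstream version string, so a version-only match must be reconciled against the distro's own advisory before it is reported.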