Squid-Cache Squid vulnerabilities
109 known vulnerabilities affecting squid-cache/squid.
Total CVEs: 109
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 51, MEDIUM 49, LOW 2
Vulnerabilities
Page 6 of 6
CVE-2010-0308 | P4 | MEDIUM | CVSS 4.0 | CWE-20 | v2.0, v2.1 +44 more | 2010-02-03
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
nvd
CVE-2021-28652 | P4 | MEDIUM | CVSS 4.9 | CWE-401 | ≥ 1.0, < 4.15; ≥ 5.0, < 5.0.6 | 2021-05-27
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that, over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cach
nvd
CVE-2014-9749 | P4 | MEDIUM | CVSS 4.0 | CWE-264 | v3.4.4, v3.4.5 +13 more | 2015-11-06
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
nvd
CVE-2015-0881 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.1.0.18 | 2015-02-20
CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.
nvd
CVE-2018-19131 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 4.4 | 2018-11-09
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
nvd
CVE-2016-4053 | P4 | LOW | CVSS 3.7 | CWE-119 | v3.0, v3.1 +138 more | 2016-04-25
Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.
nvd
CVE-2019-12522 | P4 | MEDIUM | CVSS 4.5 | CWE-269 | ≤ 4.7 | 2020-04-15
An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.
nvd
CVE-2015-3455 | P4 | LOW | CVSS 2.6 | CWE-20 | v3.2.0.1, v3.2.0.2 +68 more | 2015-05-18
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
nvd
CVE-2025-59362 | P4 | MEDIUM | CVSS 4.0 | CWE-121 | ≤ 7.1 | 2025-09-26
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
nvd