82 matches found
Important: Red Hat Security Advisory: squid security update
An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...
Squid: Squid: Denial of Service via crafted ICP traffic
A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP Internet Cache Protocol traffic. This can lead to a Denial of Service DoS due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...
CLSA-2026-1774947708 squid: Fix of 3 CVEs
CVE-2026-33526: fix heap Use-After-Free in ICP traffic handling causing DoS - CVE-2026-33515: fix out-of-bounds read in ICP message handling leaking sensitive information - CVE-2026-32748: fix HttpRequest lifetime in ICP v3 queries preventing Use-After-Free DoS...
Important: squid security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling CVE-2026-33526 Squid: Squid: Denial of Service via crafted ICP traffic CVE-2026-32748 For...
CLSA-2026-1774877548 squid: Fix of 3 CVEs
CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...
CLSA-2026-1774874340 squid: Fix of 3 CVEs
CVE-2026-33526: fix heap use-after-free due to double rfc1738escape in ICP error handling - CVE-2026-33515: fix validation of ICP packet sizes and URLs to prevent out-of-bounds reads - CVE-2026-32748: fix HttpRequest use-after-free in ICP v3 query handling...
CLSA-2026-1774622460 squid: Fix of 3 CVEs
CVE-2025-59362: fix ASN.1 encoding of long SNMP OIDs - CVE-2026-33526: do not escape malformed URI twice when sending ICP errors - CVE-2026-33515: fix validation of ICP packet sizes and URLs...
Squid has Denial of Service in ICP Response handling
...
Squid has issues in ICP message handling
...
Squid vulnerable to Denial of Service in ICP Request handling
...
Squid < 7.5 Multiple Vulnerabilities
The version of Squid on the remote host is prior to 7.5. It is, therefore, affected by multiple vulnerabilities: - Due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This attack is limited to Squid deployments that explicitly enable ICP support...
CVE-2026-33515
A flaw was found in Squid, a caching proxy for the Web. Due to improper input validation, Squid is vulnerable to an out-of-bounds read when handling Internet Cache Protocol ICP traffic. A remote attacker can exploit this by sending invalid ICP requests, potentially receiving small amounts of memo...
CVE-2026-33526
A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...
CVE-2026-32748
A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP Internet Cache Protocol traffic. This can lead to a Denial of Service DoS due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...
CVE-2026-33515
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding...
CVE-2026-33526
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP...
CVE-2026-32748
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable...
DEBIAN-CVE-2026-32748
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable...
UBUNTU-CVE-2026-33526
Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP...