Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests

A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default...

Astra Linux – Vulnerability in Squid

Squid encounters issues with the improper handling of ASN.1 encoding for long SNMP OIDs in version 7.1. This issue occurs in the asnbuildobjid function within lib/snmplib/asn1.c...

Astra Linux – Vulnerability in Squid

A vulnerability was discovered in Squid before versions 4.15 and 5.x before version 5.0.6. Due to incorrect parser validation, this vulnerability allows for a Denial of Service attack against the Cache Manager API. This enables a trusted client to trigger memory leaks, which over time can lead to...

Astra Linux – Vulnerability in Squid

A issue was discovered in Squid 4.x before 4.15, and in 5.x before 5.0.6. If a remote server sends a certain response header via HTTP or HTTPS, it can lead to a denial of service. This header can potentially appear in legitimate network traffic...

Squid < 7.6 Heap-based Buffer Overflow

The version of Squid on the remote host is prior to 7.6. It is, therefore, affected by a heap-based buffer overflow vulnerability: - Due to an Improper Input Validation bug, Squid is vulnerable to a Heap-based Buffer Overflow attack against cache digests. This problem allows a trusted server to...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Squid vulnerabilities (USN-8435-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8435-1 advisory. It was discovered that Squid incorrectly handled FTP gateway processing under certain circumstances, which could result i...

Friday Squid Blogging: Squid-Inspired Fluid Pump

This fluid pump was inspired by the way squids propel themselves through the water. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

Linux Distros Unpatched Vulnerability : CVE-2026-47729

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - squid - None Ubuntu Linux - Out-of-bounds Read attack against the FTP gateway CVE-2026-47729 Note that Nessus relies on the presence of the packa...

PT-2026-49605

Name of the Vulnerable Software and Affected Versions Squid versions prior to 7.6 Description A heap buffer over-read issue, known as Squidbleed, exists in the FTP directory listing parser of the Squid proxy. The flaw originates from a misunderstanding of how the strchr function handles null...

PT-2026-49606

Name of the Vulnerable Software and Affected Versions squid-cache Squid affected versions not specified Description A heap-based buffer overflow occurs during the processing of cache digests. A heap-based buffer overflow is a memory corruption issue where a program writes more data to a buffer...

Linux Distros Unpatched Vulnerability : CVE-2026-50012

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - squid - None Ubuntu Linux - Heap-based Buffer Overflow attack against cache digests CVE-2026-50012 Note that Nessus relies on the presence of the...

TencentOS Server 4: squid (TSSA-2026:0346)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0346 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Friday Squid Blogging: Another Squid

Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

RHSA-2026:20580 Red Hat Security Advisory: squid:4 security update

Bulletin has no description...

RHSA-2026:20565 Red Hat Security Advisory: squid:4 security update

Bulletin has no description...

RHSA-2026:20564 Red Hat Security Advisory: squid:4 security update

Bulletin has no description...

squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling

A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...

Important: Red Hat Security Advisory: squid:4 security update

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling

A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...