6033 matches found
Squid Proxy - HTTP Authentication Credentials Disclosure
Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...
Friday Squid Blogging: Another Squid
Someone named "Squid" seems to be a "West Country legend." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
RHSA-2026:20580 Red Hat Security Advisory: squid:4 security update
Bulletin has no description...
RHSA-2026:20565 Red Hat Security Advisory: squid:4 security update
Bulletin has no description...
RHSA-2026:20564 Red Hat Security Advisory: squid:4 security update
Bulletin has no description...
squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...
Squid: Squid: Denial of Service via crafted ICP traffic
A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP Internet Cache Protocol traffic. This can lead to a Denial of Service DoS due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...
Important: Red Hat Security Advisory: squid:4 security update
An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...
Squid: Squid: Denial of Service via crafted ICP traffic
A flaw was found in Squid. A remote attacker can exploit this vulnerability by sending specially crafted ICP Internet Cache Protocol traffic. This can lead to a Denial of Service DoS due to premature resource release and use-after-free vulnerabilities. This attack is possible in Squid deployments...
squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling
A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP Internet Cache Protocol traffic. This allows them to perform a reliable and repeatable Denial of Service DoS attack, making the Squid service unavailable. This attack is limited to...
RHEL 8 : squid:4 (RHSA-2026:20580)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20580 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Deni...
RHEL 8 : squid:4 (RHSA-2026:20565)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20565 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Deni...
RHEL 8 : squid:4 (RHSA-2026:20564)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20564 advisory. Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Deni...
Friday Squid Blogging: Regulating Squid Fishing in the South Pacific
The South Pacific Regional Fisheries Management Organization SPRFMO needs to regulate squid fishing in the South Pacific. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
Astra Linux - уязвимость в squid
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URNs due to incorrect buffer management. This issue has been fixed in version 6.4. To address this problem, disable URN access...
Astra Linux - уязвимость в squid
A issue was discovered in Squid before version 4.15 and 5.x before version 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack targeting all clients using the proxy through HTTP Range request processing...
Astra Linux - уязвимость в squid
Squid encounters issues with the improper handling of ASN.1 encoding for long SNMP OIDs in version 7.1. This issue occurs in the asnbuildobjid function within lib/snmplib/asn1.c...