PT-2026-28164 · Squid+3 · Squid+4
Alex Rousskov +1 · Published 2026-01-01 · Updated 2026-05-05 · CVE-2026-33515
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Squid versions prior to 7.5
Description
Squid, a caching proxy for the Web, contains a flaw due to improper input validation when handling ICP traffic. This can lead to an out-of-bounds read, potentially exposing sensitive information to a remote attacker. The attack requires the Squid deployment to have ICP support enabled via a non-zero icp_port configuration. Denying ICP queries using icp_access rules does not resolve this issue.
Recommendations
Update to version 7.5 or later.
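The two conditions in the description (a version prior to 7.5 and a non-zero icp_port) can be checked against a host's version banner and squid.conf text. The following is an added example, not code from this advisory or from the Squid project. It assumes that ICP stays disabled when no icp_port directive is present, that the last icp_port directive wins, and that included files are not followed; the banner and configuration strings are constructed samples.

```python
import re

FIXED = (7, 5)  # advisory: versions prior to 7.5 are affected


def parse_version(banner):
    """Return (major, minor) from a banner such as 'Squid Cache: Version 6.13'."""
    m = re.search(r"(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError("no version number in %r" % banner)
    return int(m.group(1)), int(m.group(2))


def icp_settings(conf_text):
    """Return (effective icp_port, whether any 'icp_access deny' rule exists)."""
    port, has_deny = 0, False  # assumption: ICP stays off unless icp_port is set
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(fields) < 2:
            continue
        if fields[0] == "icp_port":
            try:
                port = int(fields[1])  # assumption: the last directive wins
            except ValueError:
                continue
        elif fields[0] == "icp_access" and fields[1] == "deny":
            has_deny = True
    return port, has_deny


def assess(banner, conf_text):
    """Classify one deployment against the advisory's two conditions."""
    if parse_version(banner) >= FIXED:
        return "patched"
    port, has_deny = icp_settings(conf_text)
    if port == 0:
        return "affected-version-icp-disabled"
    if has_deny:
        # Per the advisory, icp_access deny rules do not resolve the issue.
        return "exposed-icp_access-deny-does-not-help"
    return "exposed"


if __name__ == "__main__":
    sample = "http_port 3128\nicp_port 3130\nicp_access deny all\n"  # constructed
    print(assess("Squid Cache: Version 6.13", sample))
```

The version comparison uses upstream release numbers only; distribution packages may carry a backported fix under an older version string, so confirm against the vendor's own advisory.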
Exploit
Fix
DoS
Out of bounds Read
Related Identifiers
Affected Products
Linuxmint
Red Os
Squid
Squid Cache
Ubuntu