CVE-2026-33515
MEDIUM
6,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Description
AI Translation Available
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
125
Out-of-bounds Read
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Availability
Other
Potential Impacts:
Read Memory
Bypass Protection Mechanism
Dos: Crash, Exit, Or Restart
Varies By Context
Applicable Platforms
Languages:
C, C++, Memory-Unsafe
Technologies:
ICS/OT
1289
Improper Validation of Unsafe Equivalence in Input
IncompleteCommon Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
All platforms may be affected
http://www.openwall.com/lists/oss-security/2026/03/25/4
https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec91…
https://github.com/squid-cache/squid/pull/2220
https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637
https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c