CVE-2026-33515

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to an out-of-bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e., configure a non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
Configurations

Configuration 1

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

History

31 Mar 2026, 01:22

| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165 - | () https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165 - Patch |
| References | () https://github.com/squid-cache/squid/pull/2220 - | () https://github.com/squid-cache/squid/pull/2220 - Issue Tracking |
| References | () https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637 - | () https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637 - Issue Tracking |
| References | () https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c - | () https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c - Vendor Advisory |
| References | () http://www.openwall.com/lists/oss-security/2026/03/25/4 - | () http://www.openwall.com/lists/oss-security/2026/03/25/4 - Third Party Advisory, Mailing List |
| CPE | | cpe:2.3:a:squid-cache:squid:\*:\*:\*:\*:\*:\*:\*:\* |
| First Time | | Squid-cache squid; Squid-cache |
| CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 6.5 |
| Summary | | (es) Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to an out-of-bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e., configure a non-zero 'icp_port'). This problem cannot be mitigated by denying ICP queries using 'icp_access' rules. Version 7.5 contains a patch. |

26 Mar 2026, 01:16

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2026-03-26 01:16

Updated : 2026-03-31 01:22


NVD link : CVE-2026-33515

Mitre link : CVE-2026-33515

CVE.ORG link : CVE-2026-33515


Products Affected

squid-cache

  • squid
CWE
CWE-125

Out-of-bounds Read

CWE-1289

Improper Validation of Unsafe Equivalence in Input