CVE-2026-33515

Name
CVE-2026-33515
Description
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
security-advisories@github.com https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165
security-advisories@github.com https://github.com/squid-cache/squid/pull/2220
security-advisories@github.com https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637
security-advisories@github.com https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2026/03/25/4

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* squid >= None < 7.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
squid edge-main 7.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 7.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 6.12-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 6.12-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 6.6-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 6.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 6.4-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 6.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 5.7-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 5.2-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 5.0.6-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 5.0.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid edge-main 4.13.0-r0 None possibly vulnerable
squid edge-main 4.12.0-r0 None possibly vulnerable
squid edge-main 4.10-r0 None possibly vulnerable
squid edge-main 4.9-r0 None possibly vulnerable
squid edge-main 4.8-r0 None possibly vulnerable
squid edge-main 3.5.27-r2 None possibly vulnerable
squid 3.23-main 7.3-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid 3.22-main 6.12-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid 3.22-main 6.6-r0 None possibly vulnerable
squid 3.22-main 6.5-r0 None possibly vulnerable
squid 3.22-main 6.4-r0 None possibly vulnerable
squid 3.22-main 6.1-r0 None possibly vulnerable
squid 3.22-main 5.7-r0 None possibly vulnerable
squid 3.22-main 5.2-r0 None possibly vulnerable
squid 3.22-main 5.0.6-r0 None possibly vulnerable
squid 3.22-main 5.0.5-r0 None possibly vulnerable
squid 3.22-main 4.13.0-r0 None possibly vulnerable
squid 3.22-main 4.12.0-r0 None possibly vulnerable
squid 3.22-main 4.10-r0 None possibly vulnerable
squid 3.22-main 4.9-r0 None possibly vulnerable
squid 3.22-main 4.8-r0 None possibly vulnerable
squid 3.22-main 3.5.27-r2 None possibly vulnerable
squid 3.21-main 6.12-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid 3.21-main 6.6-r0 None possibly vulnerable
squid 3.21-main 6.5-r0 None possibly vulnerable
squid 3.21-main 6.4-r0 None possibly vulnerable
squid 3.21-main 6.1-r0 None possibly vulnerable
squid 3.21-main 5.7-r0 None possibly vulnerable
squid 3.21-main 5.2-r0 None possibly vulnerable
squid 3.21-main 5.0.6-r0 None possibly vulnerable
squid 3.21-main 5.0.5-r0 None possibly vulnerable
squid 3.21-main 4.13.0-r0 None possibly vulnerable
squid 3.21-main 4.12.0-r0 None possibly vulnerable
squid 3.21-main 4.10-r0 None possibly vulnerable
squid 3.21-main 4.9-r0 None possibly vulnerable
squid 3.21-main 4.8-r0 None possibly vulnerable
squid 3.21-main 3.5.27-r2 None possibly vulnerable
squid 3.20-main 6.9-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid 3.20-main 6.6-r0 None possibly vulnerable
squid 3.20-main 6.5-r0 None possibly vulnerable
squid 3.20-main 6.4-r0 None possibly vulnerable
squid 3.20-main 6.1-r0 None possibly vulnerable
squid 3.20-main 5.7-r0 None possibly vulnerable
squid 3.20-main 5.2-r0 None possibly vulnerable
squid 3.20-main 5.0.6-r0 None possibly vulnerable
squid 3.20-main 5.0.5-r0 None possibly vulnerable
squid 3.20-main 4.13.0-r0 None possibly vulnerable
squid 3.20-main 4.12.0-r0 None possibly vulnerable
squid 3.20-main 4.10-r0 None possibly vulnerable
squid 3.20-main 4.9-r0 None possibly vulnerable
squid 3.20-main 4.8-r0 None possibly vulnerable
squid 3.20-main 3.5.27-r2 None possibly vulnerable
squid 3.19-main 6.6-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid 3.19-main 6.5-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
squid 3.19-main 6.4-r0 None possibly vulnerable
squid 3.19-main 6.1-r0 None possibly vulnerable
squid 3.19-main 5.7-r0 None possibly vulnerable
squid 3.19-main 5.2-r0 None possibly vulnerable
squid 3.19-main 5.0.6-r0 None possibly vulnerable
squid 3.19-main 5.0.5-r0 None possibly vulnerable
squid 3.19-main 4.13.0-r0 None possibly vulnerable
squid 3.19-main 4.12.0-r0 None possibly vulnerable
squid 3.19-main 4.10-r0 None possibly vulnerable
squid 3.19-main 4.9-r0 None possibly vulnerable
squid 3.19-main 4.8-r0 None possibly vulnerable
squid 3.19-main 3.5.27-r2 None possibly vulnerable