Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HSquid Cache Squid
APPSquid-Cache≤ 6.4
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
References
Related vulnerabilities
CVE-2026-33526CRITICAL9.2PL ✓ten sam produkt
Squid: Use-After-Free w obsłudze ruchu ICP umożliwia atak DoS
CVE-2025-62168CRITICAL10.0PL ✓ten sam produkt
Squid: ujawnienie danych uwierzytelniających HTTP przez błędy obsługi
CVE-2025-54574CRITICAL9.3PL ✓ten sam produkt
Heap buffer overflow w Squid podczas przetwarzania URN – możliwy RCE
CVE-2023-46846CRITICAL9.3ten sam produkt
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to...
CVE-2020-15049CRITICAL9.9ten sam produkt
An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Reque...