CRITICAL🇵🇱 Wersja polska

CVE-2025-54574

CVSS 9.3v3.1pub. 2025-08-01upd. 2025-11-05

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
  • Squid Cache Squid

    APP
    Squid-Cache
    < 6.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2026-33526CRITICAL9.2PL ✓ten sam produkt

Squid: Use-After-Free w obsłudze ruchu ICP umożliwia atak DoS

CVE-2025-62168CRITICAL10.0PL ✓ten sam produkt

Squid: ujawnienie danych uwierzytelniających HTTP przez błędy obsługi

CVE-2023-46846CRITICAL9.3ten sam produkt

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to...

CVE-2020-15049CRITICAL9.9ten sam produkt

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Reque...

CVE-2020-11945CRITICAL9.8ten sam produkt

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication no...