Squid-cache Squid
54 CVEs affecting Squid-cache Squid. Latest disclosed: 2026-03-26. Critical: 2, High: 23.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-62168 | Critical | 10.0 | 2025-10-17 | Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information… |
| CVE-2025-54574 | Critical | 9.3 | 2025-08-01 | Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when p… |
| CVE-2016-4051 | High | 8.8 | 2016-04-25 | Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of service or execute arbi… |
| CVE-2024-25111 | High | 8.6 | 2024-03-06 | Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked dec… |
| CVE-2023-50269 | High | 8.6 | 2023-12-14 | Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 th… |
| CVE-2023-49285 | High | 8.6 | 2023-12-04 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack agai… |
| CVE-2023-49286 | High | 8.6 | 2023-12-04 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Den… |
| CVE-2023-49288 | High | 8.6 | 2023-12-04 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of Squid are subject to a Use-After-Free bug which can lead to… |
| CVE-2023-46724 | High | 8.6 | 2023-11-01 | Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled us… |
| CVE-2016-4554 | High | 8.6 | 2016-05-10 | mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct cache-poisoning attacks via a cr… |
| CVE-2016-4553 | High | 8.6 | 2016-05-10 | client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attacke… |
| CVE-2016-3947 | High | 8.2 | 2016-04-07 | Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8 allows remote servers… |
| CVE-2016-4054 | High | 8.1 | 2016-04-25 | Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) response… |
| CVE-2016-4052 | High | 8.1 | 2016-04-25 | Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of service or execute arbitra… |
| CVE-2024-45802 | High | 7.5 | 2024-10-28 | Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected… |
| CVE-2023-46728 | High | 7.5 | 2023-11-06 | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service at… |
| CVE-2016-10003 | High | 7.5 | 2017-01-27 | Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenl… |
| CVE-2016-10002 | High | 7.5 | 2017-01-27 | Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 th… |
| CVE-2016-4556 | High | 7.5 | 2016-05-10 | Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted E… |
| CVE-2016-4555 | High | 7.5 | 2016-05-10 | client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via crafted Edge Side Includ… |