Nixpkgs security tracker

Untriaged

Permalink CVE-2026-33515

created 2 weeks, 4 days ago

Squid has issues in ICP message handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

References

https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c x_refsource_CONFIRM
https://github.com/squid-cache/squid/pull/2220 x_refsource_MISC
https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637 x_refsource_MISC
https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165 x_refsource_MISC
http://www.openwall.com/lists/oss-security/2026/03/25/4

Affected products

squid

==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

nixos-unstable 7.4
- nixpkgs-unstable 7.4
- nixos-unstable-small 7.4
nixos-25.11 7.4
- nixos-25.11-small 7.4
- nixpkgs-25.11-darwin 7.4

pkgs.prometheus-squid-exporter

Squid Prometheus exporter

nixos-unstable 1.13.0
- nixpkgs-unstable 1.13.0
- nixos-unstable-small 1.13.0
nixos-25.11 1.13.0
- nixos-25.11-small 1.13.0
- nixpkgs-25.11-darwin 1.13.0

pkgs.python312Packages.flyingsquid

More interactive weak supervision with FlyingSquid

nixos-25.11 0.0.0a0
- nixos-25.11-small 0.0.0a0
- nixpkgs-25.11-darwin 0.0.0a0

pkgs.python313Packages.flyingsquid

More interactive weak supervision with FlyingSquid

nixos-unstable 0.0.0a0
- nixpkgs-unstable 0.0.0a0
- nixos-unstable-small 0.0.0a0
nixos-25.11 0.0.0a0
- nixos-25.11-small 0.0.0a0
- nixpkgs-25.11-darwin 0.0.0a0

pkgs.python314Packages.flyingsquid

More interactive weak supervision with FlyingSquid

nixos-unstable 0.0.0a0
- nixpkgs-unstable 0.0.0a0
- nixos-unstable-small 0.0.0a0

pkgs.pkgsRocm.python3Packages.flyingsquid

More interactive weak supervision with FlyingSquid

nixos-unstable 0.0.0a0
- nixpkgs-unstable 0.0.0a0
- nixos-unstable-small 0.0.0a0
nixos-25.11 0.0.0a0
- nixos-25.11-small 0.0.0a0
- nixpkgs-25.11-darwin 0.0.0a0

Package maintainers

@srhb Sarah Brofeldt <sbrofeldt@gmail.com>
@happysalada Raphael Megzari <raphael@megzari.com>
@7c6f434c Michael Raskin <7c6f434c@mail.ru>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.squid

pkgs.prometheus-squid-exporter

pkgs.python312Packages.flyingsquid

pkgs.python313Packages.flyingsquid

pkgs.python314Packages.flyingsquid

pkgs.pkgsRocm.python3Packages.flyingsquid

Package maintainers