Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: prometheus-squid-exporter

Found 6 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-32748
created 2 weeks, 4 days ago
Squid has Denial of Service in ICP Response handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.

Affected products

squid
  • ==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 7.4
    • nixpkgs-unstable 7.4
    • nixos-unstable-small 7.4
  • nixos-25.11 7.4
    • nixos-25.11-small 7.4
    • nixpkgs-25.11-darwin 7.4

Package maintainers

Untriaged
Permalink CVE-2026-33526
created 2 weeks, 4 days ago
Squid vulnerable to Denial of Service in ICP Request handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Affected products

squid
  • ==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 7.4
    • nixpkgs-unstable 7.4
    • nixos-unstable-small 7.4
  • nixos-25.11 7.4
    • nixos-25.11-small 7.4
    • nixpkgs-25.11-darwin 7.4

Package maintainers

Untriaged
Permalink CVE-2026-33515
created 2 weeks, 4 days ago
Squid has issues in ICP message handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Affected products

squid
  • ==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 7.4
    • nixpkgs-unstable 7.4
    • nixos-unstable-small 7.4
  • nixos-25.11 7.4
    • nixos-25.11-small 7.4
    • nixpkgs-25.11-darwin 7.4

Package maintainers

Published
Permalink CVE-2023-46847
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): HIGH
updated 5 months, 2 weeks ago by @Erethon Activity log
  • Created automatic suggestion 8 months, 1 week ago
  • @Erethon accepted 5 months, 2 weeks ago
  • @Erethon published on GitHub 5 months, 2 weeks ago
Squid: denial of service in http digest authentication

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

References

Affected products

squid
  • ==6.4
  • <6.4
  • *
squid34
  • *
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

Package maintainers

Published
Permalink CVE-2023-5824
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
updated 6 months, 2 weeks ago by @Erethon Activity log
  • Created automatic suggestion 8 months, 1 week ago
  • @Erethon accepted 6 months, 2 weeks ago
  • @Erethon published on GitHub 6 months, 2 weeks ago
Squid: dos against http and https

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.

References

Affected products

squid
  • ==6.4
  • *
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

Package maintainers

Untriaged
Permalink CVE-2023-46848
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 8 months, 1 week ago
Squid: denial of service in ftp

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

References

Affected products

squid
  • *
  • ==6.4
  • <6.4
squid:4/squid

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

Package maintainers