Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged
Filter by:
With package: squid

Found 5 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-32748
created 2 weeks, 4 days ago
Squid has Denial of Service in ICP Response handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.

Affected products

squid
  • ==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 7.4
    • nixpkgs-unstable 7.4
    • nixos-unstable-small 7.4
  • nixos-25.11 7.4
    • nixos-25.11-small 7.4
    • nixpkgs-25.11-darwin 7.4

Package maintainers

Permalink CVE-2026-33526
created 2 weeks, 4 days ago
Squid vulnerable to Denial of Service in ICP Request handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Affected products

squid
  • ==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 7.4
    • nixpkgs-unstable 7.4
    • nixos-unstable-small 7.4
  • nixos-25.11 7.4
    • nixos-25.11-small 7.4
    • nixpkgs-25.11-darwin 7.4

Package maintainers

Permalink CVE-2026-33515
created 2 weeks, 4 days ago
Squid has issues in ICP message handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Affected products

squid
  • ==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 7.4
    • nixpkgs-unstable 7.4
    • nixos-unstable-small 7.4
  • nixos-25.11 7.4
    • nixos-25.11-small 7.4
    • nixpkgs-25.11-darwin 7.4

Package maintainers

Permalink CVE-2023-46848
8.6 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 8 months, 1 week ago
Squid: denial of service in ftp

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

References

Affected products

squid
  • *
  • ==6.4
  • <6.4
squid:4/squid

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

Package maintainers

Permalink CVE-2023-46846
9.3 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 year, 2 months ago
Squid: request/response smuggling in http/1.1 and icap

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

References

Affected products

squid
  • ==6.4
  • <6.4
  • *
squid34
squid:4
  • *

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 6.10
    • nixpkgs-unstable 6.10
    • nixos-unstable-small 6.10

Package maintainers