SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:NRed Hat Enterprise Linux
OSRedhat8.09.0Red Hat Enterprise Linux Eus
OSRedhat8.68.89.09.2Red Hat Enterprise Linux For Arm 64
OSRedhat8.0_aarch64Red Hat Enterprise Linux For IBM Z Systems
OSRedhat8.0_s390xRed Hat Enterprise Linux For Power Little Endian
OSRedhat8.0_ppc64leRed Hat Enterprise Linux Server Aus
OSRedhat8.28.48.69.2Red Hat Enterprise Linux Server Tus
OSRedhat8.28.48.68.89.2Squid Cache Squid
APPSquid-Cache2.6 – 6.4 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Firewall
References
Related vulnerabilities
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...
CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...
CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...