CVE-2026-33515

| EUVD-2026-16067 MEDIUM
2026-03-26 GitHub_M
6.9
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 01:00 euvd
EUVD-2026-16067
Analysis Generated
Mar 26, 2026 - 01:00 vuln.today
CVE Published
Mar 26, 2026 - 00:13 nvd
MEDIUM 6.9

Tags

Buffer Overflow Information Disclosure

Description

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Analysis

Squid prior to version 7.5 contains an out-of-bounds read vulnerability in ICP (Internet Cache Protocol) traffic handling due to improper input validation, classified as CWE-125. Remote attackers can exploit this to leak small amounts of process memory potentially containing sensitive information by sending malformed ICP requests to deployments with explicitly enabled ICP support (non-zero icp_port configuration). …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

35
Low Medium High Critical
KEV: 0
EPSS: +1.0
CVSS: +34
POC: 0

Vendor Status

Ubuntu

Priority: Medium
squid
Release Status Version
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -
squid3
Release Status Version
xenial needs-triage -
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -

Debian

squid
Release Status Fixed Version Urgency
bullseye vulnerable 4.13-10+deb11u3 -
bullseye (security) vulnerable 4.13-10+deb11u6 -
bookworm vulnerable 5.7-2+deb12u5 -
bookworm (security) vulnerable 5.7-2+deb12u4 -
trixie, trixie (security) vulnerable 6.13-2+deb13u1 -
forky vulnerable 7.4-1 -
sid fixed 7.5-1 -
(unstable) fixed 7.5-1 -

Share

CVE-2026-33515 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy