Every CVE whose affected-product data names Squid-cache Squid, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (109)
CVE-2025-62168 — CVSS 10.0 (critical): Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling…
CVE-2020-15049 — CVSS 9.9 (critical): An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning…
CVE-2019-12519 — CVSS 9.8 (critical): An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This…
CVE-2019-12524 — CVSS 9.8 (critical): An issue was discovered in Squid through 4.7. When handling requests from users, Squid checks its rules to see if the request should be…
CVE-2020-11945 — CVSS 9.8 (critical): An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to…
CVE-2019-12526 — CVSS 9.8 (critical): An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data…
CVE-2019-12525 — CVSS 9.8 (critical): An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses…
CVE-2023-46846 — CVSS 9.3 (critical): SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response…
CVE-2025-54574 — CVSS 9.3 (critical): Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code…
CVE-2019-12523 — CVSS 9.1 (critical): An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't…
CVE-2019-12527 — CVSS 8.8 (high): An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global…
CVE-2016-4051 — CVSS 8.8 (high): Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 might allow remote attackers to cause a denial of…
CVE-2023-50269 — CVSS 8.6 (high): Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9…
CVE-2023-49286 — CVSS 8.6 (high): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is…
CVE-2023-49285 — CVSS 8.6 (high): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of…
CVE-2023-46848 — CVSS 8.6 (high): Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or…
CVE-2016-4553 — CVSS 8.6 (high): client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which…
CVE-2023-46847 — CVSS 8.6 (high): Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary…
CVE-2023-46724 — CVSS 8.6 (high): Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0…
CVE-2022-41318 — CVSS 8.6 (high): A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB…
CVE-2020-25097 — CVSS 8.6 (high): An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to…
CVE-2020-24606 — CVSS 8.6 (high): Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during…
CVE-2024-25111 — CVSS 8.6 (high): Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack…
CVE-2016-4554 — CVSS 8.6 (high): mime_header.cc in Squid before 3.5.18 allows remote attackers to bypass intended same-origin restrictions and possibly conduct…
CVE-2023-49288 — CVSS 8.6 (high): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free…
CVE-2016-3947 — CVSS 8.2 (high): Heap-based buffer overflow in the Icmp6::Recv function in icmp/Icmp6.cc in the pinger utility in Squid before 3.5.16 and 4.x before 4.0.8…
CVE-2016-4054 — CVSS 8.1 (high): Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows remote attackers to execute arbitrary code via crafted Edge Side…
CVE-2016-4052 — CVSS 8.1 (high): Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote HTTP servers to cause a denial of…
CVE-2013-1839 — CVSS 7.8 (high): The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x before 3.2.9 and 3.3.x before 3.3.3 allows remote attackers to cause a…
CVE-2026-33526 — CVSS 7.5 (high): Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when…
CVE-2013-4115 — CVSS 7.5 (high): Buffer overflow in the idnsALookup function in dns_internal.cc in Squid 3.2 through 3.2.11 and 3.3 through 3.3.6 allows remote attackers to…
CVE-2016-10002 — CVSS 7.5 (high): Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through…
CVE-2016-10003 — CVSS 7.5 (high): Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed…
CVE-2016-2569 — CVSS 7.5 (high): Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial…
CVE-2016-2570 — CVSS 7.5 (high): The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which…
CVE-2016-2571 — CVSS 7.5 (high): http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which…
CVE-2016-2572 — CVSS 7.5 (high): http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to…
CVE-2016-3948 — CVSS 7.5 (high): Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service…
CVE-2016-4555 — CVSS 7.5 (high): client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via…
CVE-2016-4556 — CVSS 7.5 (high): Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service…
CVE-2018-1000024 — CVSS 7.5 (high): The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling…
CVE-2018-1000027 — CVSS 7.5 (high): The Squid Software Foundation Squid HTTP Caching Proxy version prior to version 4.0.23 contains a NULL Pointer Dereference vulnerability in…
CVE-2019-12520 — CVSS 7.5 (high): An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response…
CVE-2019-12528 — CVSS 7.5 (high): An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap…
CVE-2019-12854 — CVSS 7.5 (high): Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access…
CVE-2019-18676 — CVSS 7.5 (high): An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can…
CVE-2019-18679 — CVSS 7.5 (high): An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information…
CVE-2020-14058 — CVSS 7.5 (high): An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default…
CVE-2020-8449 — CVSS 7.5 (high): An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret crafted HTTP requests in unexpected ways…
CVE-2020-8517 — CVSS 7.5 (high): An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in…
CVE-2021-28651 — CVSS 7.5 (high): An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When…
CVE-2021-41611 — CVSS 7.5 (high): An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may…
CVE-2023-46728 — CVSS 7.5 (high): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a…
CVE-2023-5824 — CVSS 7.5 (high): A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a…
CVE-2024-45802 — CVSS 7.5 (high): Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of…
CVE-2026-32748 — CVSS 7.5 (high): Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap…
CVE-2005-0211 — CVSS 7.5 (high): Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute…
CVE-2020-8450 — CVSS 7.3 (high): An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid…
CVE-2014-6270 — CVSS 6.8 (medium): Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote…
CVE-2015-5400 — CVSS 6.8 (medium): Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to…
CVE-2011-3205 — CVSS 6.8 (medium): Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15…
CVE-2020-15810 — CVSS 6.5 (medium): An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Smuggling attacks may…
CVE-2024-23638 — CVSS 6.5 (medium): Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of…
CVE-2020-14059 — CVSS 6.5 (medium): An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing…
CVE-2020-15811 — CVSS 6.5 (medium): An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may…
CVE-2026-33515 — CVSS 6.5 (medium): Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read…
CVE-2021-28662 — CVSS 6.5 (medium): An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or…
CVE-2021-31806 — CVSS 6.5 (medium): An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service…
CVE-2021-31807 — CVSS 6.5 (medium): An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of…
CVE-2021-31808 — CVSS 6.5 (medium): An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service…
CVE-2021-33620 — CVSS 6.5 (medium): Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an…
CVE-2021-46784 — CVSS 6.5 (medium): In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when…
CVE-2022-41317 — CVSS 6.5 (medium): An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be…
CVE-2014-7142 — CVSS 6.4 (medium): The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a…
CVE-2014-7141 — CVSS 6.4 (medium): The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds…
CVE-2024-37894 — CVSS 6.3 (medium): Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI…
CVE-2018-19131 — CVSS 6.1 (medium): Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
CVE-2019-18677 — CVSS 6.1 (medium): An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not…
CVE-2019-18860 — CVSS 6.1 (medium): Squid before 4.9, when certain web browsers are used, mishandles HTML in the host (aka hostname) parameter to cachemgr.cgi.
CVE-2016-2390 — CVSS 5.9 (medium): The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake…
CVE-2019-12529 — CVSS 5.9 (medium): An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic…
CVE-2019-12521 — CVSS 5.9 (medium): An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a…
CVE-2018-19132 — CVSS 5.9 (medium): Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
CVE-2018-1172 — CVSS 5.9 (medium): This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid…
CVE-2024-25617 — CVSS 5.3 (medium): Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug…
CVE-2019-18678 — CVSS 5.3 (medium): An issue was discovered in Squid 3.x and 4.x through 4.8. It allows attackers to smuggle HTTP requests through frontend software to a Squid…
CVE-2010-0639 — CVSS 5.0 (medium): The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before…
CVE-2012-5643 — CVSS 5.0 (medium): Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid 2.x and 3.x before 3.1.22, 3.2.x before 3.2.4, and 3.3.x before 3.3.0.2…
CVE-2011-4096 — CVSS 5.0 (medium): The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service…
CVE-2010-3072 — CVSS 5.0 (medium): The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial…
CVE-2013-4123 — CVSS 5.0 (medium): client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a…
CVE-2009-2855 — CVSS 5.0 (medium): The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth…
CVE-2014-3609 — CVSS 5.0 (medium): HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a…
CVE-2009-2621 — CVSS 5.0 (medium): Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows…
CVE-2010-2951 — CVSS 5.0 (medium): dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which…
CVE-2014-0128 — CVSS 5.0 (medium): Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is enabled, allows remote attackers to cause a denial of service (assertion…
CVE-2013-0189 — CVSS 5.0 (medium): cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service…
CVE-2009-2622 — CVSS 5.0 (medium): Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests…
CVE-2012-2213 — CVSS 5.0 (medium): Squid 3.1.9 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in…
CVE-2021-28652 — CVSS 4.9 (medium): An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack…
CVE-2019-12522 — CVSS 4.5 (medium): An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the…
CVE-2015-0881 — CVSS 4.3 (medium): CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response…
CVE-2025-59362 — CVSS 4.0 (medium): Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
CVE-2010-0308 — CVSS 4.0 (medium): lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service…
CVE-2014-9749 — CVSS 4.0 (medium): Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access…
CVE-2021-28116 — CVSS 3.7 (low): Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP…
CVE-2016-4053 — CVSS 3.7 (low): Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side…
CVE-2015-3455 — CVSS 2.6 (low): Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do…