Description
A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages.
Published: n/a
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap‑based buffer overflow in the cache_digest reply handling of Squid can be triggered by a trusted server that sends specially crafted replies. The flaw stems from improper input validation when processing cache digest messages. Exploitation results in a denial of service, terminating or crashing the Squid process for the victim server.

Affected Systems

The vulnerability affects the Squid caching proxy server. No specific Squid version numbers are listed, so any installation running an unpatched version of Squid that processes cache_digest replies is potentially exposed.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. EPSS is not available and the issue is not in CISA KEV, suggesting limited evidence of exploitation in the wild. The attacker must be a trusted server within the network, able to send crafted cache_digest replies to the vulnerable Squid instance. Successful exploitation would be internal or hybrid, causing a service disruption of the proxy.

Generated by OpenCVE AI on June 26, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Squid release, which patches the cache_digest input validation flaw.
  • If an immediate patch is unavailable, disable the cache_digest feature or configure Squid to reject cache digest replies from untrusted sources.
  • Segregate or restrict network traffic so that only authorized servers can communicate with Squid, and employ ACLs or firewall rules to limit the scope of trust.

Generated by OpenCVE AI on June 26, 2026 at 01:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-6360-1 squid security update
History

Fri, 26 Jun 2026 05:30:00 +0000

Type Values Removed Values Added
First Time appeared Squid-cache
Squid-cache squid
Vendors & Products Squid-cache
Squid-cache squid

Fri, 26 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Description A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages.
Title squid: memory corruption in cache_digest reply handling
Weaknesses CWE-122
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H'}

threat_severity

Moderate

Subscriptions

Squid-cache Squid
cve-icon MITRE

No data.

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-23T00:00:00Z

Links: CVE-2026-50012 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:15:16Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow