Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2026-33526

Опубликовано: 26 мар. 2026
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 7.5

Описание

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero icp_port). This problem cannot be mitigated by denying ICP queries using icp_access rules. Version 7.5 contains a patch.

РелизСтатусПримечание
devel

needs-triage

esm-infra/focal

needs-triage

jammy

needs-triage

noble

needs-triage

questing

needs-triage

upstream

needs-triage

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra/bionic

needs-triage

esm-infra/xenial

needs-triage

jammy

DNE

noble

DNE

questing

DNE

upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 82%
0.01701
Низкий

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2026-33526

CVSS3: 7.5
redhat
13 дней назад

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

nvd логотип

CVE-2026-33526

CVSS3: 7.5
nvd
13 дней назад

Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

msrc логотип

CVE-2026-33526

CVSS3: 7.5
msrc
12 дней назад

Squid vulnerable to Denial of Service in ICP Request handling

debian логотип

CVE-2026-33526

CVSS3: 7.5
debian
13 дней назад

Squid is a caching proxy for the Web. Prior to version 7.5, due to hea ...

oracle-oval логотип

ELSA-2026-6301

oracle-oval
8 дней назад

ELSA-2026-6301: squid security update (IMPORTANT)

EPSS

Процентиль: 82%
0.01701
Низкий

7.5 High

CVSS3