Squid is a caching proxy for the Web. Prior to 7.6, due to an improper input validation bug in cache digest reply handling (peerDigestSwapInMask in src/peer_digest.cc), Squid is vulnerable to a heap-based buffer overflow: a cache digest's on-the-wire size may be larger than the mask_size declared within the digest, so a trusted peer sending a maliciously crafted reply to a cache_digest request message can trigger the overflow. This attack is limited to Squid instances compiled with the --enable-cache-digests option and configured with cache_peer entries. This issue is fixed in version 7.6.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6360-1 | squid security update |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Thu, 16 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages. | Squid is a caching proxy for the Web. Prior to 7.6, due to an improper input validation bug in cache digest reply handling (peerDigestSwapInMask in src/peer_digest.cc), Squid is vulnerable to a heap-based buffer overflow: a cache digest's on-the-wire size may be larger than the mask_size declared within the digest, so a trusted peer sending a maliciously crafted reply to a cache_digest request message can trigger the overflow. This attack is limited to Squid instances compiled with the --enable-cache-digests option and configured with cache_peer entries. This issue is fixed in version 7.6. |
| Title | squid: memory corruption in cache_digest reply handling | Squid: Memory corruption in cache_digest reply handling |
| Weaknesses | CWE-20 | |
| References |
|
Fri, 26 Jun 2026 05:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Squid-cache
Squid-cache squid |
|
| Vendors & Products |
Squid-cache
Squid-cache squid |
Fri, 26 Jun 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages. | |
| Title | squid: memory corruption in cache_digest reply handling | |
| Weaknesses | CWE-122 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-16T16:11:34.488Z
Reserved: 2026-06-02T22:46:02.579Z
Link: CVE-2026-50012
No data.
No data.
OpenCVE Enrichment
Updated: 2026-06-26T05:15:16Z
Debian DSA