Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-6360-1 | squid security update |
Thu, 16 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages. | Squid is a caching proxy for the Web. Prior to 7.6, due to an improper input validation bug in cache digest reply handling (peerDigestSwapInMask in src/peer_digest.cc), Squid is vulnerable to a heap-based buffer overflow: a cache digest's on-the-wire size may be larger than the mask_size declared within the digest, so a trusted peer sending a maliciously crafted reply to a cache_digest request message can trigger the overflow. This attack is limited to Squid instances compiled with the --enable-cache-digests option and configured with cache_peer entries. This issue is fixed in version 7.6. |
| Title | squid: memory corruption in cache_digest reply handling | Squid: Memory corruption in cache_digest reply handling |
| Weaknesses | CWE-20 | |
| References |
|
Fri, 26 Jun 2026 05:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Squid-cache
Squid-cache squid |
|
| Vendors & Products |
Squid-cache
Squid-cache squid |
Fri, 26 Jun 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages. | |
| Title | squid: memory corruption in cache_digest reply handling | |
| Weaknesses | CWE-122 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-16T16:11:34.488Z
Reserved: 2026-06-02T22:46:02.579Z
Link: CVE-2026-50012
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T03:45:04Z
Debian DSA