CVE-2026-50012
Public on 2026-06-12
Modified on 2026-06-12
Description
Due to an Improper Input Validation bug, Squid is vulnerable to
a Heap-based Buffer Overflow attack against cache digests.
This problem allows a trusted server to perform a Heap-based
Buffer Overflow when sending maliciously crafted replies to
cache_digest request messages.
This attack is limited to Squid instances that have been
compiled with the --enable-cache-digests option.
a Heap-based Buffer Overflow attack against cache digests.
This problem allows a trusted server to perform a Heap-based
Buffer Overflow when sending maliciously crafted replies to
cache_digest request messages.
This attack is limited to Squid instances that have been
compiled with the --enable-cache-digests option.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | squid | Pending Fix | ||
| Amazon Linux 2023 | squid | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |