Compliance Impact

The vulnerability in Squid prior to version 7.5 allows remote attackers to read small amounts of memory that may contain sensitive information due to improper input validation in ICP traffic handling.

This exposure of potentially sensitive information could impact compliance with data protection standards and regulations such as GDPR and HIPAA, which require safeguarding of sensitive data against unauthorized access.

Since the vulnerability allows confidentiality impacts by leaking memory contents, organizations using vulnerable Squid versions with ICP enabled may face increased risk of data breaches or unauthorized disclosure, which could lead to non-compliance with these regulations.

Mitigation involves disabling ICP support or upgrading to Squid version 7.5 or later, which patches the vulnerability and helps maintain compliance by preventing unauthorized memory disclosure.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-33515 is a moderate severity vulnerability in the Squid caching proxy software versions prior to 7.5 that have ICP (Internet Cache Protocol) support enabled. It arises from improper input validation when handling ICP traffic, which allows a remote attacker to cause Squid to perform an out-of-bounds read of memory when processing invalid ICP requests.

This means that an attacker can send malformed ICP messages that cause Squid to read memory beyond the intended buffer boundaries, potentially exposing small amounts of memory that may contain sensitive information.

The vulnerability specifically affects Squid installations with a non-zero icp_port configured, and cannot be mitigated by simply denying ICP queries using icp_access rules. The issue was fixed in Squid version 7.5 by adding strict validation of ICP packet sizes and URLs, rejecting malformed packets, and adding defensive checks to prevent invalid memory access.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to read small amounts of memory from the Squid proxy server when it processes invalid ICP requests.

The exposed memory may contain sensitive information, leading to a confidentiality breach.

However, the impact on confidentiality and integrity is considered low, and the vulnerability does not affect availability.

Exploitation requires that ICP support is enabled with a non-zero icp_port, and no special privileges or user interaction are needed.

Mitigation includes disabling ICP support by setting icp_port to 0 or upgrading to Squid version 7.5 or later where the vulnerability is patched.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the Squid proxy has ICP support enabled with a non-zero icp_port configuration. If ICP is enabled on a non-zero port, the Squid version prior to 7.5 is vulnerable.

A suggested command to detect this is:

• `squid -k parse 2>&1 | grep -E "(icp|udp)_port" | tail -n1`

If the output shows a non-zero icp_port, the system is potentially vulnerable. If it is set to 0, ICP support is disabled and the system is not vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to disable ICP support by setting the `icp_port` configuration to 0 in the Squid configuration file.

It is important to note that simply denying ICP queries using `icp_access` rules does not mitigate this vulnerability.

Alternatively, upgrading to Squid version 7.5 or later, which contains the patch fixing this vulnerability, is recommended.

For stable releases, patches are available but may require applying prerequisite patches first.

Useful 0 Not Useful 0