DEBIAN-CVE-2025-54574

Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2025-54574
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-54574.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-54574
Upstream
Published
2025-08-01T18:15:55Z
Modified
2025-09-19T07:35:37.977824Z
Summary
[none]
Details

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

References

Affected packages

Debian:12 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.7-2+deb12u3

Affected versions

5.*

5.7-2
5.7-2+deb12u1
5.7-2+deb12u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}