UBUNTU-CVE-2026-33515
- Source
- https://ubuntu.com/security/CVE-2026-33515
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-33515.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-33515
- Upstream
- Downstream
- Related
- Published
- 2026-03-26T01:16:00Z
- Modified
- 2026-04-13T14:33:24.376761Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N CVSS Calculator
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero
icp_port). This problem cannot be mitigated by denying ICP queries usingicp_accessrules. Version 7.5 contains a patch. - References
Affected packages
Ubuntu:22.04:LTS
squid
Package
- Name
- squid
- Purl
- pkg:deb/ubuntu/squid@5.9-0ubuntu0.22.04.5?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.9-0ubuntu0.22.04.5
Affected versions
4.*
4.13-10ubuntu5
5.*
5.2-1ubuntu1
5.2-1ubuntu3
5.2-1ubuntu4
5.2-1ubuntu4.1
5.2-1ubuntu4.2
5.2-1ubuntu4.3
5.7-0ubuntu0.22.04.1
5.7-0ubuntu0.22.04.2
5.7-0ubuntu0.22.04.3
5.7-0ubuntu0.22.04.4
5.9-0ubuntu0.22.04.1
5.9-0ubuntu0.22.04.2
5.9-0ubuntu0.22.04.3
5.9-0ubuntu0.22.04.4
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "squid",
"binary_version": "5.9-0ubuntu0.22.04.5"
},
{
"binary_name": "squid-cgi",
"binary_version": "5.9-0ubuntu0.22.04.5"
},
{
"binary_name": "squid-common",
"binary_version": "5.9-0ubuntu0.22.04.5"
},
{
"binary_name": "squid-openssl",
"binary_version": "5.9-0ubuntu0.22.04.5"
},
{
"binary_name": "squid-purge",
"binary_version": "5.9-0ubuntu0.22.04.5"
},
{
"binary_name": "squidclient",
"binary_version": "5.9-0ubuntu0.22.04.5"
}
]
}Ubuntu:24.04:LTS
squid
Package
- Name
- squid
- Purl
- pkg:deb/ubuntu/squid@6.14-0ubuntu0.24.04.2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.14-0ubuntu0.24.04.2
Affected versions
6.*
6.1-2ubuntu1
6.1-2ubuntu2
6.5-1ubuntu1
6.5-1ubuntu2
6.5-1ubuntu3
6.6-1ubuntu4
6.6-1ubuntu5
6.6-1ubuntu5.1
6.10-0ubuntu0.24.04.1
6.13-0ubuntu0.24.04.1
6.13-0ubuntu0.24.04.2
6.13-0ubuntu0.24.04.3
6.14-0ubuntu0.24.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "squid",
"binary_version": "6.14-0ubuntu0.24.04.2"
},
{
"binary_name": "squid-cgi",
"binary_version": "6.14-0ubuntu0.24.04.2"
},
{
"binary_name": "squid-common",
"binary_version": "6.14-0ubuntu0.24.04.2"
},
{
"binary_name": "squid-openssl",
"binary_version": "6.14-0ubuntu0.24.04.2"
},
{
"binary_name": "squid-purge",
"binary_version": "6.14-0ubuntu0.24.04.2"
},
{
"binary_name": "squidclient",
"binary_version": "6.14-0ubuntu0.24.04.2"
}
]
}Ubuntu:25.10
squid
Package
- Name
- squid
- Purl
- pkg:deb/ubuntu/squid@6.14-0ubuntu0.25.10.2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.14-0ubuntu0.25.10.2
Affected versions
6.*
6.13-1ubuntu1
6.13-1ubuntu2
6.13-1ubuntu3
6.13-1ubuntu4
6.13-1ubuntu4.1
6.14-0ubuntu0.25.10.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "squid",
"binary_version": "6.14-0ubuntu0.25.10.2"
},
{
"binary_name": "squid-cgi",
"binary_version": "6.14-0ubuntu0.25.10.2"
},
{
"binary_name": "squid-common",
"binary_version": "6.14-0ubuntu0.25.10.2"
},
{
"binary_name": "squid-openssl",
"binary_version": "6.14-0ubuntu0.25.10.2"
},
{
"binary_name": "squid-purge",
"binary_version": "6.14-0ubuntu0.25.10.2"
},
{
"binary_name": "squidclient",
"binary_version": "6.14-0ubuntu0.25.10.2"
}
]
}Ubuntu:Pro:16.04:LTS
squid3
Package
- Name
- squid3
- Purl
- pkg:deb/ubuntu/squid3@3.5.12-1ubuntu7.16+esm6?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.3.8-1ubuntu16
3.3.8-1ubuntu17
3.5.12-1ubuntu6
3.5.12-1ubuntu7
3.5.12-1ubuntu7.1
3.5.12-1ubuntu7.2
3.5.12-1ubuntu7.3
3.5.12-1ubuntu7.4
3.5.12-1ubuntu7.5
3.5.12-1ubuntu7.6
3.5.12-1ubuntu7.7
3.5.12-1ubuntu7.8
3.5.12-1ubuntu7.9
3.5.12-1ubuntu7.10
3.5.12-1ubuntu7.11
3.5.12-1ubuntu7.12
3.5.12-1ubuntu7.13
3.5.12-1ubuntu7.14
3.5.12-1ubuntu7.15
3.5.12-1ubuntu7.16
3.5.12-1ubuntu7.16+esm1
3.5.12-1ubuntu7.16+esm2
3.5.12-1ubuntu7.16+esm3
3.5.12-1ubuntu7.16+esm4
3.5.12-1ubuntu7.16+esm5
3.5.12-1ubuntu7.16+esm6
Ecosystem specific
{
"binaries": [
{
"binary_name": "squid",
"binary_version": "3.5.12-1ubuntu7.16+esm6"
},
{
"binary_name": "squid-cgi",
"binary_version": "3.5.12-1ubuntu7.16+esm6"
},
{
"binary_name": "squid-common",
"binary_version": "3.5.12-1ubuntu7.16+esm6"
},
{
"binary_name": "squid-purge",
"binary_version": "3.5.12-1ubuntu7.16+esm6"
},
{
"binary_name": "squid3",
"binary_version": "3.5.12-1ubuntu7.16+esm6"
},
{
"binary_name": "squidclient",
"binary_version": "3.5.12-1ubuntu7.16+esm6"
}
]
}Ubuntu:Pro:18.04:LTS
squid3
Package
- Name
- squid3
- Purl
- pkg:deb/ubuntu/squid3@3.5.27-1ubuntu1.14+esm5?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
3.*
3.5.23-5ubuntu1
3.5.23-5ubuntu2
3.5.27-1ubuntu1
3.5.27-1ubuntu1.1
3.5.27-1ubuntu1.2
3.5.27-1ubuntu1.3
3.5.27-1ubuntu1.4
3.5.27-1ubuntu1.5
3.5.27-1ubuntu1.6
3.5.27-1ubuntu1.7
3.5.27-1ubuntu1.8
3.5.27-1ubuntu1.9
3.5.27-1ubuntu1.10
3.5.27-1ubuntu1.11
3.5.27-1ubuntu1.12
3.5.27-1ubuntu1.13
3.5.27-1ubuntu1.14
3.5.27-1ubuntu1.14+esm1
3.5.27-1ubuntu1.14+esm2
3.5.27-1ubuntu1.14+esm3
3.5.27-1ubuntu1.14+esm4
3.5.27-1ubuntu1.14+esm5
Ecosystem specific
{
"binaries": [
{
"binary_name": "squid",
"binary_version": "3.5.27-1ubuntu1.14+esm5"
},
{
"binary_name": "squid-cgi",
"binary_version": "3.5.27-1ubuntu1.14+esm5"
},
{
"binary_name": "squid-common",
"binary_version": "3.5.27-1ubuntu1.14+esm5"
},
{
"binary_name": "squid-purge",
"binary_version": "3.5.27-1ubuntu1.14+esm5"
},
{
"binary_name": "squid3",
"binary_version": "3.5.27-1ubuntu1.14+esm5"
},
{
"binary_name": "squidclient",
"binary_version": "3.5.27-1ubuntu1.14+esm5"
}
]
}Ubuntu:Pro:20.04:LTS
squid
Package
- Name
- squid
- Purl
- pkg:deb/ubuntu/squid@4.10-1ubuntu1.13+esm2?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.8-1ubuntu2
4.8-1ubuntu3
4.9-2ubuntu1
4.9-2ubuntu2
4.9-2ubuntu3
4.9-2ubuntu4
4.10-1ubuntu1
4.10-1ubuntu1.1
4.10-1ubuntu1.2
4.10-1ubuntu1.3
4.10-1ubuntu1.4
4.10-1ubuntu1.5
4.10-1ubuntu1.6
4.10-1ubuntu1.7
4.10-1ubuntu1.8
4.10-1ubuntu1.9
4.10-1ubuntu1.10
4.10-1ubuntu1.11
4.10-1ubuntu1.12
4.10-1ubuntu1.13
4.10-1ubuntu1.13+esm1
4.10-1ubuntu1.13+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "squid",
"binary_version": "4.10-1ubuntu1.13+esm2"
},
{
"binary_name": "squid-cgi",
"binary_version": "4.10-1ubuntu1.13+esm2"
},
{
"binary_name": "squid-common",
"binary_version": "4.10-1ubuntu1.13+esm2"
},
{
"binary_name": "squid-purge",
"binary_version": "4.10-1ubuntu1.13+esm2"
},
{
"binary_name": "squidclient",
"binary_version": "4.10-1ubuntu1.13+esm2"
}
]
}