NIXPKGS-2026-0780

GitHub issue published on 27 Mar 2026

Permalink CVE-2026-32748

updated 1 day ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 9 hours ago
@LeSuisse removed
5 packages
- prometheus-squid-exporter
- python312Packages.flyingsquid
- python313Packages.flyingsquid
- python314Packages.flyingsquid
- pkgsRocm.python3Packages.flyingsquid
1 day ago
@LeSuisse accepted 1 day ago
@LeSuisse published on GitHub 1 day ago

Squid has Denial of Service in ICP Response handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem _cannot_ be mitigated by denying ICP queries using `icp_access` rules. This bug is fixed in Squid version 7.5.

References

https://github.com/squid-cache/squid/security/advisories/GHSA-f9p7-3jqg-hhvq x_refsource_CONFIRM
https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b x_refsource_MISC
http://www.openwall.com/lists/oss-security/2026/03/25/3

Affected products

squid

==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

nixos-unstable 7.4
- nixpkgs-unstable 7.4
- nixos-unstable-small 7.4
nixos-25.11 7.4
- nixos-25.11-small 7.4
- nixpkgs-25.11-darwin 7.4

Ignored packages (5)

pkgs.prometheus-squid-exporter

Squid Prometheus exporter

nixos-unstable 1.13.0
- nixpkgs-unstable 1.13.0
- nixos-unstable-small 1.13.0
nixos-25.11 1.13.0
- nixos-25.11-small 1.13.0
- nixpkgs-25.11-darwin 1.13.0

pkgs.python312Packages.flyingsquid

More interactive weak supervision with FlyingSquid

nixos-25.11 0.0.0a0
- nixos-25.11-small 0.0.0a0
- nixpkgs-25.11-darwin 0.0.0a0

pkgs.python313Packages.flyingsquid

More interactive weak supervision with FlyingSquid

nixos-unstable 0.0.0a0
- nixpkgs-unstable 0.0.0a0
- nixos-unstable-small 0.0.0a0
nixos-25.11 0.0.0a0
- nixos-25.11-small 0.0.0a0
- nixpkgs-25.11-darwin 0.0.0a0

pkgs.python314Packages.flyingsquid

More interactive weak supervision with FlyingSquid

nixos-unstable 0.0.0a0
- nixpkgs-unstable 0.0.0a0
- nixos-unstable-small 0.0.0a0

pkgs.pkgsRocm.python3Packages.flyingsquid

More interactive weak supervision with FlyingSquid

nixos-unstable 0.0.0a0
- nixpkgs-unstable 0.0.0a0
- nixos-unstable-small 0.0.0a0
nixos-25.11 0.0.0a0
- nixos-25.11-small 0.0.0a0
- nixpkgs-25.11-darwin 0.0.0a0

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>

Upstream advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-f9p7-3jqg-hhvq
Upstream patch: https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0780

References

Affected products

Matching in nixpkgs

pkgs.squid

pkgs.prometheus-squid-exporter

pkgs.python312Packages.flyingsquid

pkgs.python313Packages.flyingsquid

pkgs.python314Packages.flyingsquid

pkgs.pkgsRocm.python3Packages.flyingsquid

Package maintainers