Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0795

NIXPKGS-2026-0795
published on
Permalink CVE-2026-33515
updated 1 month, 1 week ago by @LeSuisse Activity log
  • Created suggestion 1 month, 1 week ago
  • @LeSuisse ignored
    5 packages
    • prometheus-squid-exporter
    • python312Packages.flyingsquid
    • python313Packages.flyingsquid
    • python314Packages.flyingsquid
    • pkgsRocm.python3Packages.flyingsquid
    1 month, 1 week ago
  • @LeSuisse accepted 1 month, 1 week ago
  • @LeSuisse published on GitHub 1 month, 1 week ago
Squid has issues in ICP message handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Affected products

squid
  • ==< 7.5

Matching in nixpkgs

pkgs.squid

Caching proxy for the Web supporting HTTP, HTTPS, FTP, and more

  • nixos-unstable 7.4
    • nixpkgs-unstable 7.4
    • nixos-unstable-small 7.4
  • nixos-25.11 7.4
    • nixos-25.11-small 7.4
    • nixpkgs-25.11-darwin 7.4
Ignored packages (5)

Package maintainers

Upstream advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c
Upstream patch: https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165