Main Vulnerability Database SB2025082141

SB2025082141 - Debian update for squid

Published: August 21, 2025

Security Bulletin ID SB2025082141

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Handling of Structural Elements (CVE-ID: CVE-2023-5824)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of structural elements in HTTP response caching. A remote user can cause a denial of service condition on the target system.

2) Buffer Over-read (CVE-ID: CVE-2025-54574)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to a boundary error when processing URN Trivial-HTTP responses. A remote user can send a specially crafted HTTP response from the web server to the affected proxy, trigger memory corruption and force the proxy to deliver up to 4KB of Squid allocated heap memory to the client.

Remediation

Install update from vendor's website.

References

https://lists.debian.org/debian-security-announce/2025/msg00146.html