A severe security vulnerability designated as SQUID-2025:1 has been identified in the popular Squid HTTP proxy server, affecting millions of installations worldwide.
The flaw, discovered by security researcher StarryNight and published by GitHub user yadij, represents a critical heap buffer overflow condition in URN (Uniform Resource Name) handling mechanisms that could potentially allow remote code execution attacks.
Vulnerability Technical Analysis and Impact
The vulnerability stems from incorrect buffer management within Squid’s URN processing routines, creating a dangerous heap buffer overflow condition.
When Squid processes URN Trivial-HTTP responses, a remote server can trigger the buffer overflow, potentially exposing up to 4KB of Squid’s allocated heap memory to unauthorized clients.
This memory disclosure poses significant security risks as it may contain sensitive information, including security credentials, authentication tokens, or other confidential data.
The vulnerability affects a broad range of Squid versions, with all releases before version 6.4 considered vulnerable.
Specifically, all Squid-4.x versions up to and including 4.17, all Squid-5 versions through 5.9, and Squid-6.x versions up to 6.3 are susceptible to this attack vector.
Legacy installations running Squid versions older than 4.14 should be assumed vulnerable, as they have not undergone comprehensive security testing for this particular flaw.
Mitigation Strategies and Security Patches
The Squid development team, working in collaboration with The Measurement Factory, has released version 6.4 as the primary remediation for this vulnerability.
For organizations unable to immediately upgrade, a temporary workaround involves disabling URN access permissions through Access Control List (ACL) configuration:
    acl URN proto URN
    http_access deny URN
This configuration effectively blocks URN protocol requests, eliminating the attack vector while maintaining core proxy functionality.
The fix has been backported to stable releases, with commit a27bf4b84da23594150c7a86a23435df0b35b988 providing the specific patch for Squid 6.x installations.
Organizations utilizing prepackaged Squid distributions should consult their respective vendors for updated packages and deployment timelines.
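The version range and ACL workaround described above can be checked together. The following is an added example, not code from the Squid project or the advisory; the function names and the sample configuration are constructed for illustration, and it assumes a single squid.conf with no include directives.

```python
import re

FIXED = (6, 4)  # per the text above: releases before 6.4 are vulnerable

# Constructed sample squid.conf (not from a real deployment)
SAMPLE_CONF = """\
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access deny URN
http_access allow localnet
http_access deny all
"""

def parse_version(banner):
    """Extract (major, minor) from a `squid -v` banner or a bare version string."""
    m = re.search(r"(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no version found in %r" % banner)
    return int(m.group(1)), int(m.group(2))

def urn_workaround_active(conf_text):
    """True if a deny rule on a 'proto URN' ACL precedes every http_access allow.

    Conservative: Squid evaluates http_access top-down and stops at the first
    match, so a deny placed after an allow may never be reached.
    """
    urn_acls = set()
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "proto":
            if "URN" in tok[3:]:
                urn_acls.add(tok[1])
        elif len(tok) >= 3 and tok[0] == "http_access":
            if tok[1] == "allow":
                return False  # an allow rule is reached first
            # several ACLs on one rule are ANDed, so require the URN ACL alone
            if tok[1] == "deny" and len(tok) == 3 and tok[2] in urn_acls:
                return True
    return False

def assess(banner, conf_text):
    """Classify an installation as 'patched', 'mitigated' or 'vulnerable'."""
    if parse_version(banner) >= FIXED:
        return "patched"
    return "mitigated" if urn_workaround_active(conf_text) else "vulnerable"

if __name__ == "__main__":
    print(assess("Squid Cache: Version 6.3", SAMPLE_CONF))
```

A vendor package that carries the backported fix still reports its older version number, so a "vulnerable" or "mitigated" result for such a package should be confirmed against the vendor's changelog.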
The vulnerability’s critical severity rating and potential for remote exploitation necessitate immediate attention from system administrators managing Squid proxy infrastructures in production environments.