{"id":"USN-8435-1","summary":"squid vulnerabilities","details":"It was discovered that Squid incorrectly handled FTP gateway processing\nunder certain circumstances, which could result in an out-of-bounds read. A\nremote attacker could use this issue to cause Squid to crash, resulting in\na denial of service, or possibly obtain sensitive information.\n(CVE-2026-47729)\n\nIt was discovered that Squid incorrectly handled cache digest processing\nunder certain circumstances, which could result in a heap-based buffer\noverflow. A remote attacker could use this issue to cause Squid to crash,\nresulting in a denial of service, or possibly execute arbitrary code.\n(CVE-2026-50012)","modified":"2026-06-16T21:59:19.991888340Z","published":"2026-06-16T14:27:13Z","related":["UBUNTU-CVE-2026-47729","UBUNTU-CVE-2026-50012"],"upstream":["CVE-2026-47729","CVE-2026-50012","UBUNTU-CVE-2026-47729","UBUNTU-CVE-2026-50012"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8435-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-47729"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-50012"}],"affected":[{"package":{"name":"squid","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/squid?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.9-0ubuntu0.22.04.7"}]}],"versions":["4.13-10ubuntu5","5.2-1ubuntu1","5.2-1ubuntu3","5.2-1ubuntu4","5.2-1ubuntu4.1","5.2-1ubuntu4.2","5.2-1ubuntu4.3","5.7-0ubuntu0.22.04.1","5.7-0ubuntu0.22.04.2","5.7-0ubuntu0.22.04.3","5.7-0ubuntu0.22.04.4","5.9-0ubuntu0.22.04.1","5.9-0ubuntu0.22.04.2","5.9-0ubuntu0.22.04.3","5.9-0ubuntu0.22.04.4","5.9-0ubuntu0.22.04.5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"5.9-0ubuntu0.22.04.7","binary_name":"squid"},{"binary_version":"5.9-0ubuntu0.22.04.7","binary_name":"squid-cgi"},{"binary_version":"5.9-0ubuntu0.22.04.7","binary_name":"squid-common"},{"binary_version":"5.9-0ubuntu0.22.04.7","binary_name":"squid-openssl"},{"binary_version":"5.9-0ubuntu0.22.04.7","binary_name":"squid-purge"},{"binary_version":"5.9-0ubuntu0.22.04.7","binary_name":"squidclient"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:22.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-47729"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-50012"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8435-1.json"}},{"package":{"name":"squid","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/squid?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.14-0ubuntu0.24.04.4"}]}],"versions":["6.1-2ubuntu1","6.1-2ubuntu2","6.5-1ubuntu1","6.5-1ubuntu2","6.5-1ubuntu3","6.6-1ubuntu4","6.6-1ubuntu5","6.6-1ubuntu5.1","6.10-0ubuntu0.24.04.1","6.13-0ubuntu0.24.04.1","6.13-0ubuntu0.24.04.2","6.13-0ubuntu0.24.04.3","6.14-0ubuntu0.24.04.1","6.14-0ubuntu0.24.04.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"6.14-0ubuntu0.24.04.4","binary_name":"squid"},{"binary_version":"6.14-0ubuntu0.24.04.4","binary_name":"squid-cgi"},{"binary_version":"6.14-0ubuntu0.24.04.4","binary_name":"squid-common"},{"binary_version":"6.14-0ubuntu0.24.04.4","binary_name":"squid-openssl"},{"binary_version":"6.14-0ubuntu0.24.04.4","binary_name":"squid-purge"},{"binary_version":"6.14-0ubuntu0.24.04.4","binary_name":"squidclient"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:24.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-47729"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-50012"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8435-1.json"}},{"package":{"name":"squid","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/squid?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.14-0ubuntu0.25.10.4"}]}],"versions":["6.13-1ubuntu1","6.13-1ubuntu2","6.13-1ubuntu3","6.13-1ubuntu4","6.13-1ubuntu4.1","6.14-0ubuntu0.25.10.1","6.14-0ubuntu0.25.10.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"6.14-0ubuntu0.25.10.4","binary_name":"squid"},{"binary_version":"6.14-0ubuntu0.25.10.4","binary_name":"squid-cgi"},{"binary_version":"6.14-0ubuntu0.25.10.4","binary_name":"squid-common"},{"binary_version":"6.14-0ubuntu0.25.10.4","binary_name":"squid-openssl"},{"binary_version":"6.14-0ubuntu0.25.10.4","binary_name":"squid-purge"},{"binary_version":"6.14-0ubuntu0.25.10.4","binary_name":"squidclient"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:25.10","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-47729"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-50012"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8435-1.json"}},{"package":{"name":"squid","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/squid?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2-2ubuntu2.2"}]}],"versions":["6.13-1ubuntu4","6.13-1ubuntu5","7.2-2ubuntu1","7.2-2ubuntu2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"7.2-2ubuntu2.2","binary_name":"squid"},{"binary_version":"7.2-2ubuntu2.2","binary_name":"squid-common"},{"binary_version":"7.2-2ubuntu2.2","binary_name":"squid-openssl"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:26.04:LTS","cves":[{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-47729"},{"severity":[{"score":"medium","type":"Ubuntu"}],"id":"CVE-2026-50012"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8435-1.json"}}],"schema_version":"1.7.5"}