
Squid

Squid is a caching proxy server supporting HTTP, HTTPS, FTP, and other protocols. It has an extensive CVE history concentrated in HTTP request parsing, URI handling, and authentication mechanisms. NVD tracks it under squid-cache:squid.


Querying Squid

| Field | Value |
|---|---|
| product slug | squid |
| version format | 6.5, 5.7, 4.15 |

```bash
curl "https://api.attestd.io/v1/check?product=squid&version=6.3" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Squid 6.3 is affected by CVE-2023-49285 (buffer over-read), so the expected aggregated response carries risk_state: "critical".

```json
{
  "product": "squid",
  "version": "6.3",
  "supported": true,
  "risk_state": "critical",
  "risk_factors": [
    "remote_code_execution",
    "internet_exposed_service",
    "no_authentication_required",
    "patch_available"
  ],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "6.5",
  "confidence": 0.85,
  "cve_ids": ["CVE-2023-49285"],
  "last_updated": "2026-02-23T18:21:30Z"
}
```

Safe version

Squid 6.9 has no known relevant vulnerabilities at the time of the last synthesis run.

```bash
curl "https://api.attestd.io/v1/check?product=squid&version=6.9" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```
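The two queries above are typically consumed by a build or deployment gate rather than read by hand. The following is an added example (not attestd.io's own client code) that builds the request URL, parses a `/v1/check` body, and turns it into an allow/block decision. It assumes only the response fields documented on this page; the "safe version" response body is constructed here because the page shows only the request for 6.9, and the set of blocking states is an assumed policy.

```python
"""CI gate over an attestd.io /v1/check response (added example, not attestd.io code).

Assumes the response fields documented on this page: supported, risk_state,
patch_available, fixed_version and cve_ids. Only fetch_check() touches the network.
"""
import json
import urllib.parse
import urllib.request

API_BASE = "https://api.attestd.io/v1/check"

# Constructed sample: the documented response for squid 6.3 from this page.
SAMPLE_CRITICAL_JSON = """
{
  "product": "squid", "version": "6.3", "supported": true,
  "risk_state": "critical",
  "risk_factors": ["remote_code_execution", "internet_exposed_service",
                   "no_authentication_required", "patch_available"],
  "actively_exploited": false, "remote_exploitable": true,
  "authentication_required": false, "patch_available": true,
  "fixed_version": "6.5", "confidence": 0.85,
  "cve_ids": ["CVE-2023-49285"], "last_updated": "2026-02-23T18:21:30Z"
}
"""

# Constructed sample for the safe-version case. The page shows only the request
# for 6.9, so every field value below is assumed, not documented.
SAMPLE_SAFE_JSON = """
{
  "product": "squid", "version": "6.9", "supported": true,
  "risk_state": "none", "risk_factors": [],
  "actively_exploited": false, "remote_exploitable": false,
  "authentication_required": false, "patch_available": false,
  "fixed_version": null, "confidence": 0.85,
  "cve_ids": [], "last_updated": "2026-02-23T18:21:30Z"
}
"""

# Assumed gate policy: the page documents only the "critical" state.
BLOCKING_STATES = frozenset({"critical", "high"})


def build_check_url(product: str, version: str) -> str:
    """URL-encode the query so unusual version strings cannot mangle the request."""
    return API_BASE + "?" + urllib.parse.urlencode({"product": product, "version": version})


def parse_check(text: str) -> dict:
    """Decode a /v1/check body and require the fields the gate depends on."""
    check = json.loads(text)
    for field in ("product", "version", "supported", "risk_state"):
        if field not in check:
            raise ValueError(f"/v1/check response missing field {field!r}")
    return check


def fetch_check(product: str, version: str, api_key: str) -> dict:
    """Live query; the key travels in the Authorization header, never in the URL."""
    req = urllib.request.Request(
        build_check_url(product, version),
        headers={"Authorization": f"Bearer {api_key}"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_check(resp.read().decode("utf-8"))


def parse_version(version: str) -> tuple:
    """'6.10' -> (6, 10): compare numerically, so 6.10 is newer than 6.5."""
    return tuple(int(part) for part in version.split("."))


def meets_fixed_version(version: str, fixed_version: str) -> bool:
    """True when the deployed version is at or past the API's fixed_version."""
    return parse_version(version) >= parse_version(fixed_version)


def evaluate(check: dict, blocking_states=BLOCKING_STATES) -> tuple:
    """Return (allowed, reason). Fails closed when the API cannot assess the version."""
    if not check.get("supported"):
        return False, "version not assessed by the API; treat as unknown risk"
    state = check.get("risk_state")
    if state not in blocking_states:
        return True, f"risk_state {state!r} is below the gate threshold"
    cves = ", ".join(check.get("cve_ids") or []) or "unspecified CVEs"
    reason = f"risk_state {state!r}: {cves}"
    fixed = check.get("fixed_version")
    if check.get("patch_available") and fixed:
        reason += f"; upgrade to {fixed} or later"
    return False, reason


if __name__ == "__main__":
    import os
    import sys
    key = os.environ.get("ATTESTD_KEY")
    product, version = sys.argv[1:3] if len(sys.argv) >= 3 else ("squid", "6.3")
    # Without a key, fall back to the embedded sample so the script runs offline.
    check = fetch_check(product, version, key) if key else parse_check(SAMPLE_CRITICAL_JSON)
    allowed, reason = evaluate(check)
    print(("ALLOW" if allowed else "BLOCK") + ": " + reason)
    sys.exit(0 if allowed else 1)
```

Run it as `ATTESTD_KEY=... python gate.py squid 6.3` in a pipeline; the non-zero exit on a blocking state is what stops the deployment. The gate treats `supported: false` as a block rather than a pass, because an unassessed version carries unknown risk, and the version comparison is numeric so that a later branch release such as 6.10 is not mis-sorted below 6.5 by string comparison.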

CVE history

Squid's CVE history is one of the largest in the proxy category, with vulnerabilities spanning HTTP/1.1 request parsing, URI handling, NTLM and Digest authentication, and the ICAP protocol integration. High-severity buffer over-reads in request parsing are the most common recent pattern.

| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2023-49285 | Buffer over-read in HTTP request header processing via crafted status line in responses. | < 6.5 | 9.8 |
| CVE-2023-46724 | Buffer over-read in HTTP message processing triggered by crafted peer response headers. | < 6.5 | 8.6 |
| CVE-2023-46847 | Denial of service via crafted Gopher protocol request causing excessive memory allocation. | < 6.5 | 8.6 |
| CVE-2022-41317 | Information disclosure via NTLM authentication negotiation, exposing internal network responses to unauthorized clients. | < 6.0 | 6.5 |
| CVE-2021-46784 | Denial of service via crafted Gopher URI triggering assertion failure in the URI parser. | < 5.7, < 6.2 | 7.5 |
| CVE-2020-25097 | HTTP request smuggling via ICAP protocol allowing cache poisoning through request header manipulation. | < 4.15, < 5.0.2 | 8.6 |