CVE-2025-54574
Publication date 1 August 2025
Last updated 4 August 2025
Ubuntu priority
CVSS 3 Severity Score
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
Status
Package | Ubuntu Release | Status |
---|---|---|
squid3 | 25.04 plucky | Not in release |
squid3 | 24.04 LTS noble | Not in release |
squid3 | 22.04 LTS jammy | Not in release |
squid3 | 18.04 LTS bionic | Needs evaluation |
squid3 | 16.04 LTS xenial | Needs evaluation |
squid | 25.04 plucky | Not affected |
squid | 24.04 LTS noble | Not affected |
squid | 22.04 LTS jammy | Fixed 5.7-0ubuntu0.22.04.4 |
squid | 20.04 LTS focal | Fixed 4.10-1ubuntu1.12 |
Notes
mdeslaur
The commit to fix this issue is the same commit that fixed CVE-2023-5824 in USN-6728-1, USN-6728-2, and USN-6728-3. See CVE-2023-5824 for additional commits.
Severity score breakdown
Parameter | Value |
---|---|
Base score | |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Changed |
Confidentiality | None |
Integrity impact | Low |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H |