2386026 – (CVE-2025-54574) CVE-2025-54574 squid-cache: Squid Buffer Overflow

Bug 2386026 (CVE-2025-54574) - CVE-2025-54574 squid-cache: Squid Buffer Overflow

Summary: CVE-2025-54574 squid-cache: Squid Buffer Overflow

Keywords:
Status:	NEW
Alias:	CVE-2025-54574
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2386063 2386064
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-01 19:01 UTC by OSIDB Bzimport
Modified:	2025-09-05 02:43 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:14414	0	None	None	None	2025-08-25 01:49:32 UTC

Description OSIDB Bzimport 2025-08-01 19:01:31 UTC

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

Comment 2 errata-xmlrpc 2025-08-25 01:49:30 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:14414 https://access.redhat.com/errata/RHSA-2025:14414

Note You need to log in before you can comment on or make changes to this bug.