CVE-2025-59362

Published Sep 26, 2025

Last updated 5 months ago

CVSS medium 4.0

Overview

Description
Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c.
Source
cve@mitre.org
NVD status
Analyzed
Products
squid

Risk scores

CVSS 3.1

Type
Secondary
Base score
4
Impact score
1.4
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-121

Social media

Hype score
Not currently trending

  1. CVE-2025-59362 Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. https://t.co/Zhb3zZYqud

    @CVEnew

    26 Sept 2025

    327 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-59362 Squid Web Proxy Cache 7.1-VCS - snmp message processing stack based buffer-overflow https://t.co/KJda8fSgnh

    @syspwnx

    15 Sept 2025

    1806 Impressions

    5 Retweets

    14 Likes

    5 Bookmarks

    1 Reply

    0 Quotes

  3. CVE-2025-59362 Squid Web Proxy Cache 7.1-VCS - snmp message processing stack based buffer-overflow https://t.co/4gDIdOHgdb

    @microsvuln

    15 Sept 2025

    1086 Impressions

    2 Retweets

    15 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to authenticate. This potentially allows a remote client to identify security tokens or credentials used internally by a web application using Squid for backend load balancing. These attacks do not require Squid to be configured with HTTP authentication. The vulnerability is fixed in version 7.2. As a workaround, disable debug information in administrator mailto links generated by Squid by configuring squid.conf with email_err_data off.CVE-2025-62168
  2. Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.CVE-2025-54574
  3. Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.CVE-2024-45802
  4. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.CVE-2024-37894
  5. Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.CVE-2024-25111

References

Sources include official advisories and independent security research.