Security News > 2023 > October > Squid games: 35 security holes still unpatched in proxy after 2 years, now public

Squid games: 35 security holes still unpatched in proxy after 2 years, now public
2023-10-13 00:21

35 vulnerabilities in the Squid caching proxy remain unfixed more than two years after being found and disclosed to the open source project's maintainers, according to the person who reported them.

Squid is a caching and forwarding HTTP web proxy that is very widely used by ISPs and website operators.

In February 2021, security researcher Joshua Rogers performed a security audit of Squid and said he uncovered 55 flaws in the project's C++ source code.

The Register emailed several Squid developers listed on the contact page and did not immediately receive responses to our questions.

"The Squid Team have been helpful and supportive during the process of reporting these issues," Rogers conceded.

Back to the issue at hand: with more than 2.5 million Squid instances available on the internet, we'd suggest reading through the vulnerability descriptions if you are running the code.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/13/squid_proxy_bugs_remain_unfixed/