CLSA-2026-1774947465

See a problem?
Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774947465.json
JSON Data
https://api.osv.dev/v1/vulns/CLSA-2026-1774947465
Upstream
Published
2026-03-31T08:57:50Z
Modified
2026-06-04T09:45:18.473069097Z
Summary
Fix CVE(s): CVE-2026-32748, CVE-2026-33515, CVE-2026-33526
Details
  • SECURITY UPDATE: Denial of Service in ICP request handling via double rfc1738escape() call causing heap use-after-free
    • debian/patches/CVE-2026-33526.patch: Remove redundant rfc1738escape() call in icpGetRequest()
    • CVE-2026-33526
  • SECURITY UPDATE: Denial of Service in ICP v3 query handling via use-after-free of HttpRequest object
    • debian/patches/CVE-2026-32748.patch: Add proper HTTPMSGLOCK/HTTPMSGUNLOCK to doV3Query() to match doV2Query() locking pattern
    • CVE-2026-32748
  • SECURITY UPDATE: Out-of-bounds read in ICP message handling allows information disclosure
    • debian/patches/CVE-2026-33515.patch: Add icpGetUrl() validation function to check packet bounds and NUL-termination of URLs in ICP messages
    • CVE-2026-33515
References

Affected packages

TuxCare:Debian:10
squid

Package

Name
squid
Purl
pkg:deb/tuxcare/squid?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6-1+deb10u10+tuxcare.els4

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774947465.json"
squid-cgi

Package

Name
squid-cgi
Purl
pkg:deb/tuxcare/squid-cgi?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6-1+deb10u10+tuxcare.els4

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774947465.json"
squid-common

Package

Name
squid-common
Purl
pkg:deb/tuxcare/squid-common?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6-1+deb10u10+tuxcare.els4

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774947465.json"
squid-purge

Package

Name
squid-purge
Purl
pkg:deb/tuxcare/squid-purge?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6-1+deb10u10+tuxcare.els4

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774947465.json"
squid3

Package

Name
squid3
Purl
pkg:deb/tuxcare/squid3?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6-1+deb10u10+tuxcare.els4

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774947465.json"
squidclient

Package

Name
squidclient
Purl
pkg:deb/tuxcare/squidclient?distro=debian-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.6-1+deb10u10+tuxcare.els4

Database specific

source 
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/debian10els/CLSA-2026-1774947465.json"