Numerous vulnerabilities in the widely used open-source Squid caching and forwarding web proxy remain unpatched two years after being reported by a researcher. In 2021, Joshua Rogers identified 55 vulnerabilities using fuzzing, manual code review, and static analysis. He said that only a few of them have been assigned CVE identifiers, with 35 remaining unpatched. While many of these flaws can lead to a system crash, some can also be exploited for arbitrary code execution. Rogers noted that there are more than 2.5 million Squid instances exposed on the internet and suggested that organizations using it should reconsider whether it’s the right solution for their systems.