Numerous vulnerabilities in the widely used open-source Squid caching and forwarding web proxy remain unpatched two years after being reported by a researcher. Joshua Rogers identified 55 vulnerabilities using fuzzing, manual code review, and static analysis in 2021. He said that only a few of them have been assigned CVE identifiers, with 35 remaining unpatched. While many of these flaws can lead to a system crash, some can also be exploited for arbitrary code execution. Rogers noted that there are more than 2.5 million Squid instances exposed on the internet and suggested that organizations using it should reconsider whether it’s the right solution for their systems.