Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero icp_port). This problem cannot be mitigated by denying ICP queries using icp_access rules. This bug is fixed in Squid version 7.5.
5.9-0ubuntu0.22.04.56.14-0ubuntu0.24.04.26.14-0ubuntu0.25.10.23.3.8-1ubuntu163.3.8-1ubuntu173.5.12-1ubuntu63.5.12-1ubuntu73.5.12-1ubuntu7.13.5.12-1ubuntu7.103.5.12-1ubuntu7.113.5.12-1ubuntu7.123.5.12-1ubuntu7.133.5.12-1ubuntu7.14+16 more3.5.23-5ubuntu13.5.23-5ubuntu23.5.27-1ubuntu13.5.27-1ubuntu1.13.5.27-1ubuntu1.103.5.27-1ubuntu1.113.5.27-1ubuntu1.123.5.27-1ubuntu1.133.5.27-1ubuntu1.143.5.27-1ubuntu1.14+esm1+12 more4.10-1ubuntu14.10-1ubuntu1.14.10-1ubuntu1.104.10-1ubuntu1.114.10-1ubuntu1.124.10-1ubuntu1.134.10-1ubuntu1.13+esm14.10-1ubuntu1.13+esm24.10-1ubuntu1.24.10-1ubuntu1.3+12 moreExploitability
AV:NAC:LAT:NPR:NUI:NVulnerable System
VC:NVI:NVA:HSubsequent System
SC:NSI:NSA:LCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L