Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability impacts Squid, a web caching proxy, specifically when the Internet Cache Protocol (ICP) is enabled. It allows for a reliable denial-of-service attack, potentially disrupting services that rely on this specific Squid configuration. The main concern is confirming relevance and exposure within your specific environment.
- Prevents web proxy services from running.
- Affects Squid when ICP protocol is enabled.
- Confirm if your Squid ICP configuration is exposed.
Attack Path
How an attacker could exploit the issue
An attacker can remotely trigger this vulnerability by sending specially crafted ICP traffic to a Squid proxy that has ICP support explicitly enabled. This could lead to the Squid service becoming unavailable.
- Requires ICP protocol to be enabled.
- Triggered by crafted ICP traffic.
- Results in Denial of Service.
Live Threat
Current exploitation, exposure, and threat context
When Squid's ICP support is explicitly enabled, a remote attacker could cause the service to repeatedly crash. This vulnerability, stemming from a heap use-after-free error, could impact the availability of the Squid proxy when handling ICP traffic.
- Squid service availability.
- Malicious ICP traffic.
- Repeated service crashes.
Operational Fix
Recommended remediation, mitigation, and detection steps
In many organizations, the platform or infrastructure teams responsible for maintaining the Squid proxy service will likely own this issue. The first practical step is to inventory all Squid deployments, confirm if ICP is enabled, assess if these instances are externally reachable, and then identify the specific application or service owners for those critical or exposed instances to plan remediation.
- Platform/Infrastructure teams own the fix.
- Verify ICP port is enabled and exposed.
- Plan maintenance for ICP-enabled Squid instances.