CVE-2025-59362: 
Squid vulnerability analysis and mitigation

Squid through version 7.1 contains a vulnerability (CVE-2025-59362) related to the mishandling of ASN.1 encoding of long SNMP OIDs, specifically in the asnbuildobjid function within lib/snmplib/asn1.c. The vulnerability was discovered in September 2025 and affects all versions of Squid up to 7.1 (NVD, RedHat).

The vulnerability is characterized by improper handling of ASN.1 encoding when processing long SNMP OIDs. It has been assigned a CVSS v3.1 base score of 5.3 with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L, indicating network accessibility with low attack complexity and no required privileges or user interaction. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow) (RedHat).

The vulnerability primarily affects the availability of the system, with no direct impact on confidentiality or integrity. The CVSS scoring indicates a low impact on availability, suggesting potential service disruptions or degraded performance when exploited (RedHat).

A fix has been implemented and is available through a patch in the Squid repository. The fix addresses the ASN.1 encoding issues for long SNMP OIDs. For systems where immediate patching is not possible, Red Hat notes that mitigation options are either not available or do not meet their Product Security criteria for ease of use and deployment (RedHat, GitHub).