View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2025-54574 severity important: SUSE including 1 source package names (squid), 27 product×package rows across 27 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS, … (27 product lines)): Will Not Fix 24, Known Not Affected 3.
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.