Squid vulnerable to Denial of Service attacks due to security bugs
CVE-2024-45802

7.5HIGH

Key Information:

Vendor: Squid-cache
Status: Squid
Vendor: CVE Published:; 28 October 2024

🔔 Create Squid-cache Vulnerability Alert

What is CVE-2024-45802?

The Squid Proxy is an open-source caching solution that facilitates web traffic management for various protocols such as HTTP, HTTPS, and FTP. A vulnerability exists that arises from improper input validation and issues related to resource management. Specifically, the vulnerability permits a trusted server to exploit these weaknesses, thereby potentially launching Denial of Service attacks against all clients utilizing the Squid Proxy. This can disrupt services and degrade the overall performance of the proxy server, affecting the reliability of web traffic management. The issue has been rectified in the default build configuration of Squid version 6.10.

Affected Version(s)

squid >= 3.0, < 6.10

References

https://github.com/squid-cache/squid/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2024
Vulnerability Reserved
Sep 9, 2024