CVE-2024-25111

Sažetak

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.

Reference

http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/
https://security.netapp.com/advisory/ntap-20240605-0001/
http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/
https://security.netapp.com/advisory/ntap-20240605-0001/

CVSS

Base:	8.6
Impact:	4.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Zadnje važnije ažuriranje

26-02-2025 - 15:14

Objavljeno

06-03-2024 - 19:15