CVE-2024-23638

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-23638

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23638.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-23638

Aliases

GHSA-j49p-553x-48rx

Related

Published

2024-01-24T00:15:08Z

Modified

2024-08-01T04:59:06.011793Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: http_access deny manager.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type: GIT
Repo: https://github.com/squid-cache/squid
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

290ae202883ac28a48867079c2fb34c40efd382b

Fixed

e8118a7381213f5cfcdeb4cec1d2d854bfd261c8

Affected versions

4.*

4.15-20210522-snapshot

4.15-20210523-snapshot

4.15-20210524-snapshot

4.15-20210525-snapshot

4.15-20210527-snapshot

5.*

5.0.6-20210522-snapshot

5.0.6-20210523-snapshot

5.0.6-20210524-snapshot

5.0.6-20210525-snapshot

5.0.6-20210527-snapshot

6.*

6.0.0-20210522-master-snapshot

6.0.0-20210523-master-snapshot

6.0.0-20210524-master-snapshot

6.0.0-20210525-master-snapshot

6.0.0-20210527-master-snapshot

Other

BASIC_TPROXY4

M-staged-PR161

M-staged-PR164

M-staged-PR170

M-staged-PR176

M-staged-PR179

M-staged-PR181

M-staged-PR182

M-staged-PR186

M-staged-PR189

M-staged-PR193

M-staged-PR195

M-staged-PR196

M-staged-PR198

M-staged-PR199

M-staged-PR200

M-staged-PR202

M-staged-PR206

M-staged-PR208

M-staged-PR209

M-staged-PR210

M-staged-PR218

M-staged-PR220

M-staged-PR221

M-staged-PR225

M-staged-PR227

M-staged-PR229

M-staged-PR230

M-staged-PR235

M-staged-PR237

M-staged-PR238

M-staged-PR239

M-staged-PR241

M-staged-PR242

M-staged-PR252

M-staged-PR255

M-staged-PR258

M-staged-PR264

M-staged-PR266

M-staged-PR267

M-staged-PR268

M-staged-PR274

M-staged-PR276

M-staged-PR293

M-staged-PR294

M-staged-PR295

M-staged-PR299

M-staged-PR306

M-staged-PR314

M-staged-PR319

M-staged-PR342

M-staged-PR345

M-staged-PR348

M-staged-PR351

M-staged-PR359

M-staged-PR364

M-staged-PR365

M-staged-PR366

M-staged-PR370

M-staged-PR372

M-staged-PR373

M-staged-PR375

M-staged-PR376

SQUID_3_0_PRE1

SQUID_3_0_PRE2

SQUID_3_0_PRE3

SQUID_3_0_PRE4

SQUID_3_0_PRE5

SQUID_3_0_PRE6

SQUID_3_0_PRE7

SQUID_3_0_RC1

SQUID_3_5_27

SQUID_4_0_1

SQUID_4_0_10

SQUID_4_0_11

SQUID_4_0_12

SQUID_4_0_13

SQUID_4_0_14

SQUID_4_0_15

SQUID_4_0_16

SQUID_4_0_2

SQUID_4_0_3

SQUID_4_0_4

SQUID_4_0_5

SQUID_4_0_6

SQUID_4_0_7

SQUID_4_0_8

SQUID_4_0_9

SQUID_6_0_1

SQUID_6_0_2

SQUID_6_0_3

SQUID_6_1

SQUID_6_2

SQUID_6_3

SQUID_6_4

SQUID_6_5

for-libecap-v0p1

merge-candidate-3-v1

merge-candidate-3-v2

sourceformat-review-1

take00

take01

take02

take03

take04

take06

take07

take08

take09

take1

take2

BumpSslServerFirst.*

BumpSslServerFirst.take01

BumpSslServerFirst.take02

BumpSslServerFirst.take03

BumpSslServerFirst.take04

BumpSslServerFirst.take05

BumpSslServerFirst.take06

BumpSslServerFirst.take07

BumpSslServerFirst.take08

BumpSslServerFirst.take09

BumpSslServerFirst.take10