CVE-2024-45802

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45802
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45802.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-45802
Aliases
  • GHSA-f975-v7qw-q7hj
Related
Published
2024-10-28T15:15:04Z
Modified
2024-11-05T23:50:04.727909Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

References

Affected packages

Debian:11 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.13-10
4.13-10+deb11u1
4.13-10+deb11u2
4.13-10+deb11u3

5.*

5.1-2
5.2-1
5.5-1
5.5-1.1
5.6-1
5.7-1
5.7-2

6.*

6.1-1
6.1-2
6.3-1
6.5-1
6.6-1
6.8-1
6.9-1
6.10-1
6.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7-2
5.7-2+deb12u1
5.7-2+deb12u2

6.*

6.1-1
6.1-2
6.3-1
6.5-1
6.6-1
6.8-1
6.9-1
6.10-1
6.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12-1

Affected versions

5.*

5.7-2

6.*

6.1-1
6.1-2
6.3-1
6.5-1
6.6-1
6.8-1
6.9-1
6.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

4.*

4.15-20210522-snapshot
4.15-20210523-snapshot
4.15-20210524-snapshot
4.15-20210525-snapshot
4.15-20210527-snapshot

5.*

5.0.6-20210522-snapshot
5.0.6-20210523-snapshot
5.0.6-20210524-snapshot
5.0.6-20210525-snapshot
5.0.6-20210527-snapshot

6.*

6.0.0-20210522-master-snapshot
6.0.0-20210523-master-snapshot
6.0.0-20210524-master-snapshot
6.0.0-20210525-master-snapshot
6.0.0-20210527-master-snapshot

Other

BASIC_TPROXY4
M-staged-PR161
M-staged-PR164
M-staged-PR170
M-staged-PR176
M-staged-PR179
M-staged-PR181
M-staged-PR182
M-staged-PR186
M-staged-PR189
M-staged-PR193
M-staged-PR195
M-staged-PR196
M-staged-PR198
M-staged-PR199
M-staged-PR200
M-staged-PR202
M-staged-PR206
M-staged-PR208
M-staged-PR209
M-staged-PR210
M-staged-PR218
M-staged-PR220
M-staged-PR221
M-staged-PR225
M-staged-PR227
M-staged-PR229
M-staged-PR230
M-staged-PR235
M-staged-PR237
M-staged-PR238
M-staged-PR239
M-staged-PR241
M-staged-PR242
M-staged-PR252
M-staged-PR255
M-staged-PR258
M-staged-PR264
M-staged-PR266
M-staged-PR267
M-staged-PR268
M-staged-PR274
M-staged-PR276
M-staged-PR293
M-staged-PR294
M-staged-PR295
M-staged-PR299
M-staged-PR306
M-staged-PR314
M-staged-PR319
M-staged-PR342
M-staged-PR345
M-staged-PR348
M-staged-PR351
M-staged-PR359
M-staged-PR364
M-staged-PR365
M-staged-PR366
M-staged-PR370
M-staged-PR372
M-staged-PR373
M-staged-PR375
M-staged-PR376
SQUID_3_0_PRE1
SQUID_3_0_PRE2
SQUID_3_0_PRE3
SQUID_3_0_PRE4
SQUID_3_0_PRE5
SQUID_3_0_PRE6
SQUID_3_0_PRE7
SQUID_3_0_RC1
SQUID_3_5_27
SQUID_4_0_1
SQUID_4_0_10
SQUID_4_0_11
SQUID_4_0_12
SQUID_4_0_13
SQUID_4_0_14
SQUID_4_0_15
SQUID_4_0_16
SQUID_4_0_2
SQUID_4_0_3
SQUID_4_0_4
SQUID_4_0_5
SQUID_4_0_6
SQUID_4_0_7
SQUID_4_0_8
SQUID_4_0_9
SQUID_6_0_1
SQUID_6_0_2
SQUID_6_0_3
SQUID_6_1
SQUID_6_2
SQUID_6_3
SQUID_6_4
SQUID_6_5
SQUID_6_6
SQUID_6_7
SQUID_6_8
SQUID_6_9
for-libecap-v0p1
merge-candidate-3-v1
merge-candidate-3-v2
sourceformat-review-1
take00
take01
take02
take03
take04
take06
take07
take08
take09
take1
take2

BumpSslServerFirst.*

BumpSslServerFirst.take01
BumpSslServerFirst.take02
BumpSslServerFirst.take03
BumpSslServerFirst.take04
BumpSslServerFirst.take05
BumpSslServerFirst.take06
BumpSslServerFirst.take07
BumpSslServerFirst.take08
BumpSslServerFirst.take09
BumpSslServerFirst.take10