DEBIAN-CVE-2024-45802

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2024-45802
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-45802.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-45802
Upstream
Published
2024-10-28T15:15:04.857Z
Modified
2026-01-10T14:07:20.316010Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

References

Affected packages

Debian:11 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.13-10+deb11u4

Affected versions

4.*

4.13-10
4.13-10+deb11u1
4.13-10+deb11u2
4.13-10+deb11u3

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-45802.json"

Debian:12 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.7-2+deb12u5

Affected versions

5.*

5.7-2
5.7-2+deb12u1
5.7-2+deb12u2
5.7-2+deb12u3
5.7-2+deb12u4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-45802.json"

Debian:13 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-45802.json"

Debian:14 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.12-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-45802.json"