Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-23638

Published: 24/01/2024 Updated: 25/04/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Squid-cache

Vulnerability Summary

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.

Vulnerable Product Search on Vulmon Subscribe to Product

squid-cache squid

Vendor Advisories

Amazon Linux 2: ALAS-2024-2433
Squid is a caching proxy for the Web Due to an expired pointer reference bug, Squid prior to version 66 is vulnerable to a Denial of Service attack against Cache Manager error responses This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports Squid older than 505 have not been te ...
Red Hat:
Description<!---->A flaw was found in Squid, resulting in a potential denial of service attack targeting Cache Manager error responses This issue enables a trusted client to execute a denial of service by manipulating the generation of error pages for Client Manager reportsA flaw was found in Squid, resulting in a potential denial of service atta ...

References

CWE-672https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rxhttps://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382bhttps://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8https://megamansec.github.io/Squid-Security-Audit/stream-assert.htmlhttp://www.squid-cache.org/Versions/v5/SQUID-2023_11.patchhttp://www.squid-cache.org/Versions/v6/SQUID-2023_11.patchhttps://security.netapp.com/advisory/ntap-20240208-0010/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2433.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook