Vulnerability in Squid-cache Squid
CVE-2024-23638
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform De…
EPSS: 0.601 (99.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Squid-cache Squid — versions < 6.6
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx (x_refsource_CONFIRM)
- https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b (x_refsource_MISC)
- https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8 (x_refsource_MISC)
- https://megamansec.github.io/Squid-Security-Audit/stream-assert.html (x_refsource_MISC)
- http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch (x_refsource_MISC)
- http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch (x_refsource_MISC)
- security.netapp.com/advisory/ntap-20240208-0010/
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/…
Frequently asked questions
- What is CVE-2024-23638?
- CVE-2024-23638 is a medium-severity vulnerability in Squid-cache Squid, classified under CWE-825. CVSS score: 6.5/10. Published 2024-01-23.
- How severe is CVE-2024-23638?
- Medium severity. CVSS v3 base score is 6.5 out of 10.
- Is CVE-2024-23638 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.