Main Vulnerability Database Vulnerabilities #VU99355

Resource management error in Squid - CVE-2024-45802

Published: October 28, 2024

Vulnerability identifier: #VU99355

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-45802

CWE-ID: CWE-399

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Squid-cache.org

Affected software:
Squid

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when processing ESI response content. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that Squid is acting as reverse proxy where ESI feature has been enabled at build time.

How to mitigate CVE-2024-45802

Install updates from vendor's website.

Sources

https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj

Resource management error in Squid - CVE-2024-45802

Detailed vulnerability description

How to mitigate CVE-2024-45802

Sources

Please verify you're human