Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-45802

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

Published

2024-10-28T15:15:04.857

Last Modified

2025-01-03T12:15:26.117

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	squid-cache	squid	< 6.10	Yes

References

https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj Mitigation, Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20250103-0004/ (af854a3a-2127-422b-91ae-364da2661108)