 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.114851 |
| Category: | Web Servers |
| Title: | Squid Multiple DoS Vulnerabilities (GHSA-f975-v7qw-q7hj, SQUID-2024:4) |
| Summary: | Squid is prone to multiple denial of service (DoS); vulnerabilities due to multiple issues in ESI. |
| Description: | Summary: Squid is prone to multiple denial of service (DoS) vulnerabilities due to multiple issues in ESI. Vulnerability Insight: Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. These flaws were part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as: - Memory Leak in ESI Error Processing - Assertion in ESI Header Handling - Use-After-Free in ESI 'Try' (and 'Choose') Processing - Use-After-Free in ESI Expression Evaluation - Assertion Due to 0 ESI 'when' Checking - Assertion Using ESI's When Directive - Assertion in ESI Variable Assignment (String) - Assertion in ESI Variable Assignment - Null Pointer Dereference In ESI's esi:include and esi:when Affected Software/OS: Squid version 3.0 through 6.x. Solution: Update to version 7.0 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-45802 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |