CVE-2024-45802 – Squid Denial of Service
https://notcve.org/view.php?id=CVE-2024-45802
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10. A flaw was found in Squid. Due to input validation and resource management issues, a denial of service may be triggered during the processing of certain Edge Side Includes (ESI) response content. • https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj https://access.redhat.com/security/cve/CVE-2024-45802 https://bugzilla.redhat.com/show_bug.cgi?id=2322154 • CWE-20: Improper Input Validation •
CVE-2024-37894 – Squid vulnerable to heap corruption in ESI assign
https://notcve.org/view.php?id=CVE-2024-37894
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack. Squid es un proxy de almacenamiento en caché para la Web que admite HTTP, HTTPS, FTP y más. Debido a un error de escritura fuera de los límites al asignar variables ESI, Squid es susceptible a un error de corrupción de memoria. • https://github.com/squid-cache/squid/commit/f411fe7d75197852f0e5ee85027a06d58dd8df4c.patch https://github.com/squid-cache/squid/security/advisories/GHSA-wgvf-q977-9xjg https://security.netapp.com/advisory/ntap-20240719-0001 https://access.redhat.com/security/cve/CVE-2024-37894 https://bugzilla.redhat.com/show_bug.cgi?id=2294353 • CWE-787: Out-of-bounds Write •
CVE-2024-25111 – SQUID-2024:1 Denial of Service in HTTP Chunked Decoding
https://notcve.org/view.php?id=CVE-2024-25111
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. • http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI https://security.netapp.com/advisory/ntap-20240605-0001 https://access.redhat.com/security/cve/CVE-2024-25111 https://bugzilla.redhat.com • CWE-674: Uncontrolled Recursion •
CVE-2024-25617 – Denial of Service in HTTP Header parser in squid proxy
https://notcve.org/view.php?id=CVE-2024-25617
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. • https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817 https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr https://security.netapp.com/advisory/ntap-20240322-0006 https://access.redhat.com/security/cve/CVE-2024-25617 https://bugzilla.redhat.com/show_bug.cgi?id=2264309 • CWE-182: Collapse of Data into Unsafe Value CWE-400: Uncontrolled Resource Consumption •
CVE-2023-50269 – SQUID-2023:10 Denial of Service in HTTP Request parsing
https://notcve.org/view.php?id=CVE-2023-50269
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. • http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3 https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC https: • CWE-674: Uncontrolled Recursion •