Описание
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service.
Отчет
The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | squid | Out of support scope | ||
| Red Hat Enterprise Linux 6 | squid34 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | squid | Fixed | RHSA-2024:1787 | 11.04.2024 |
| Red Hat Enterprise Linux 8 | squid | Fixed | RHSA-2024:0046 | 03.01.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | squid | Fixed | RHSA-2024:0772 | 12.02.2024 |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | squid | Fixed | RHSA-2024:0772 | 12.02.2024 |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | squid | Fixed | RHSA-2024:0772 | 12.02.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | squid | Fixed | RHSA-2024:0773 | 12.02.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | squid | Fixed | RHSA-2024:0773 | 12.02.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | squid | Fixed | RHSA-2024:0773 | 12.02.2024 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...
Уязвимость прокси-сервера Squid, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
7.5 High
CVSS3