Описание
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
A flaw was found in Squid. An out-of-bounds write can be triggered when an Edge Side Includes (ESI) variable is assigned to a value not in the standard ASCII range, for example, multi-byte characters. This flaw allows a trusted server to crash Squid while processing an ESI response content, resulting in a denial of service.
Отчет
Squid as shipped in Red Hat Enterprise Linux 8 and 9 is vulnerable to this vulnerability as the ESI support is enabled by default. This flaw requires Squid to be in a reverse proxy configuration and using an ESI variable with non ASCII characters, allowing a trusted server to cause a denial of service. For these reasons, this flaw was rated with a Moderate severity.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | squid | Out of support scope | ||
| Red Hat Enterprise Linux 6 | squid34 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | squid | Out of support scope | ||
| Red Hat Enterprise Linux 8 | squid:4/squid | Will not fix | ||
| Red Hat Enterprise Linux 9 | squid | Fixed | RHSA-2024:4861 | 25.07.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | squid | Fixed | RHSA-2024:5906 | 27.08.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Out-of-bounds Write error when assigning ESI variables, Squid is susceptible to a Memory Corruption error. This error can lead to a Denial of Service attack.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...
EPSS
6.3 Medium
CVSS3