Описание
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
A flaw was found in Squid. Due to input validation and resource management issues, a denial of service may be triggered during the processing of certain Edge Side Includes (ESI) response content.
Отчет
All builds of Squid shipped in supported versions of Red Hat Enterprise Linux are built with the vulnerable (ESI) feature enabled.
Меры по смягчению последствий
This bug was mitigated by the default upstream build configuration of Squid since version 6.10.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | squid | Not affected | ||
| Red Hat Enterprise Linux 6 | squid | Out of support scope | ||
| Red Hat Enterprise Linux 6 | squid34 | Out of support scope | ||
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | squid | Fixed | RHSA-2024:9738 | 14.11.2024 |
| Red Hat Enterprise Linux 8 | squid | Fixed | RHSA-2024:9644 | 14.11.2024 |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | squid | Fixed | RHSA-2024:9624 | 14.11.2024 |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | squid | Fixed | RHSA-2024:9815 | 18.11.2024 |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | squid | Fixed | RHSA-2024:9815 | 18.11.2024 |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | squid | Fixed | RHSA-2024:9815 | 18.11.2024 |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | squid | Fixed | RHSA-2024:9814 | 18.11.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
Squid is an open source caching proxy for the Web supporting HTTP, HTT ...
EPSS
7.5 High
CVSS3