CVE-2024-45802

Name
CVE-2024-45802
Description
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
NVD Severity
medium

References

Type                                  URI
CONFIRM                               https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
af854a3a-2127-422b-91ae-364da2661108  https://security.netapp.com/advisory/ntap-20250103-0004/

Match rules

CPE URI  Source package  Min version  Max version
         squid           >= 3.0       < 6.10

Vulnerable and fixed packages

Source package  Branch     Version  Maintainer                             Status
squid           3.20-main  6.9-r0   Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable
squid           3.19-main  6.6-r0   Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable
squid           3.18-main  5.9-r0   Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable
squid           3.17-main  5.7-r0   Natanael Copa <ncopa@alpinelinux.org>  possibly vulnerable