CVE-2024-45802

Public on 2024-10-28
Modified on 2024-11-01
Description
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 squid No Fix Planned
Amazon Linux 2 - Core squid Pending Fix
Amazon Linux 2023 squid Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H