CVE-2024-25111

Updated: 2024-03-26 18:27:54.002182

Description:

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against its HTTP chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause a Denial of Service by sending a crafted chunked-encoded HTTP message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS version      Severity  Score
CVSS Version 2.x  NONE      0
CVSS Version 3.x  HIGH      8.6

Status

OS name             Project name  Version   Score  Severity  Status          Errata                Last updated         Statement
AlmaLinux 9.2 ESU   squid         5.5       8.6    HIGH      In Progress     -                     2024-12-03 05:30:38  -
CentOS 6 ELS        squid         3.1.23    8.6    HIGH      Not Vulnerable  -                     2024-03-27 14:08:49  -
CentOS 8.4 ELS      squid         4.11-4    8.6    HIGH      Released        CLSA-2024:1712261257  2024-04-04 17:10:06  -
CentOS 8.5 ELS      squid         4.15-1    8.6    HIGH      Released        CLSA-2024:1712490592  2024-04-07 09:53:54  -
CloudLinux 6 ELS    squid         3.1.23    8.6    HIGH      Not Vulnerable  -                     2024-03-27 14:08:49  -
Oracle Linux 6 ELS  squid         3.1.23    8.6    HIGH      Not Vulnerable  -                     2024-03-27 14:08:49  -
Ubuntu 16.04 ELS    squid         3.5.12-1  8.6    HIGH      Needs Triage    -                     2024-03-26 18:27:56  -
Ubuntu 18.04 ELS    squid         3.5.27-1  8.6    HIGH      Needs Triage    -                     2024-04-16 14:10:05  -