CVE-2024-45802

Updated: 2024-11-30 04:45:41.501735

Description:

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU squid 5.5 7.5 HIGH In Testing 2024-11-27 11:54:47
CentOS 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2024:1732702216 2024-12-07 11:57:05
CentOS 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2024:1732702350 2024-12-07 11:57:07
CentOS 8.4 ELS squid 4.11-4 7.5 HIGH Released CLSA-2024:1732701755 2024-11-27 11:55:28
CentOS 8.5 ELS squid 4.15-1 7.5 HIGH Released CLSA-2024:1732702046 2024-11-27 11:55:25
CentOS Stream 8 ELS squid 4.15 7.5 HIGH Released CLSA-2024:1733141124 2024-12-02 09:53:19
CloudLinux 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2024:1732703250 2024-12-07 11:57:08
CloudLinux 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2024:1732703123 2024-12-07 11:57:06
CloudLinux 7 ELS squid 3.5.20 7.5 HIGH In Rollout CLSA-2024:1733142342 2024-12-02 09:53:19
Oracle Linux 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2024:1732704094 2024-11-27 11:55:22
Total: 14