CVE-2024-23638 — Expired Pointer Dereference in Squid

CWE-825 — Expired Pointer Dereference CWE-672 — Operation on a Resource after Expiration or Release7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

14.3%

top 5.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid-cache Squid Squid

Timeline

PublishedJan 24

Latest updateApr 10

Description

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerabl…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5squid-cache/squid< 6.6

▶NVDsquid-cache/squid6.0 — 6.6+1

▶Debiansquid/squid< 4.13-10+deb11u3+3

Patches

Patch: www.squid-cache.org ↗Patch: www.squid-cache.org ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

squid vulnerabilities↗2024-04-10

▶

OSV

CVE-2024-23638: Squid is a caching proxy for the Web↗2024-01-24

▶

CVEList

SQUID-2023:11 Denial of Service in Cache Manager↗2024-01-23

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2024-04-10

▶

Red Hat

squid: vulnerable to a Denial of Service attack against Cache Manager error responses↗2024-01-24

▶

Debian

CVE-2024-23638: squid - Squid is a caching proxy for the Web. Due to an expired pointer reference bug, S...↗2024

▶