CVE-2024-23638
published 2024-01-24CVE-2024-23638: Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against…
PriorityP353medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
60.05%
99.0th percentile
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 5.7-2+deb12u1 (bookworm) | squid 5.7-2+deb12u1 (bookworm) |
| squid-cache | squid | < 6.6 | 6.6 |
| squid-cache | squid | 5.0 – 5.9 | — |
| squid-cache | squid | >= 6.0 < 6.6 | 6.6 |
| squid | squid | >= 0 < 4.13-10+deb11u3 | 4.13-10+deb11u3 |
| squid | squid | >= 0 < 5.7-2+deb12u1 | 5.7-2+deb12u1 |
| squid | squid | >= 0 < 6.6-1 | 6.6-1 |
| squid | squid | >= 0 < 6.6-1 | 6.6-1 |
| squid | squid | >= 0 < 4.10-1ubuntu1.11 | 4.10-1ubuntu1.11 |
| squid | squid | >= 0 < 4.10-1ubuntu1.12 | 4.10-1ubuntu1.12 |
| squid | squid | >= 0 < 4.10-1ubuntu1.10 | 4.10-1ubuntu1.10 |
| squid | squid | >= 0 < 5.7-0ubuntu0.22.04.4 | 5.7-0ubuntu0.22.04.4 |
Detection & IOCsextracted from sources · hover to see the quote
- →Trigger condition: a trusted client generates error pages for Cache Manager (Client Manager) reports, exploiting an expired pointer reference bug in Squid's Cache Manager error response handling ↗
- →Workaround/detection choke point: block access to the Cache Manager endpoint via Squid ACL — monitor for attempts to reach the manager endpoint from trusted clients as a detection signal ↗
- ·Vulnerable version range: Squid-5.x up to and including 5.9, and Squid-6.x up to and including 6.5; versions older than 5.0.5 are untested and assumed vulnerable ↗
- ·Fixed in Squid 6.6 upstream; Debian bookworm fixed in 5.7-2+deb12u1, bullseye in 4.13-10+deb11u3, forky/sid/trixie in 6.6-1 ↗
- ·Exploitation requires a trusted client (not an arbitrary remote attacker); scope is limited to clients already permitted by Squid's access controls ↗
- ·Ubuntu USN-6728-1 patch for co-bundled CVE-2023-5824 caused Squid crashes on Ubuntu 20.04 LTS; was reverted in USN-6728-2 and corrected in USN-6728-3 — ensure the correct update is applied ↗
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_ubuntu8.6HIGH
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Squid vulnerability
vendor_ubuntu·2024-04-23·CVSS 8.6
CVE-2023-49288 [HIGH] Squid vulnerability
Title: Squid vulnerability
Summary: Squid could be made to crash if it received specially crafted network
traffic.
USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused
Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled
in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected
and reinstated in this update.
We apologize for the inconvenience.
Original advisory details:
Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)
Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remo
Ubuntu
Squid regression
vendor_ubuntu·2024-04-11·CVSS 8.6
CVE-2023-5824 [HIGH] Squid regression
Title: Squid regression
Summary: USN-6728-1 introduced a regression in Squid.
USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused
Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic
fix has been reverted pending further investigation.
We apologize for the inconvenience.
Original advisory details:
Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)
Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2024-04-10·CVSS 8.6
CVE-2024-23638 [HIGH] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)
Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. (CVE-2023-5824)
Joshua Rogers discovered that Squid incorrectly handled Cache Manager error
responses. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-23638)
Joshua Rogers discovere
Red Hat
squid: vulnerable to a Denial of Service attack against Cache Manager error responses
vendor_redhat·2024-01-24·CVSS 6.5
CVE-2024-23638 [MEDIUM] CWE-825 squid: vulnerable to a Denial of Service attack against Cache Manager error responses
squid: vulnerable to a Denial of Service attack against Cache Manager error responses
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid'
Debian
CVE-2024-23638: squid - Squid is a caching proxy for the Web. Due to an expired pointer reference bug, S...
vendor_debian·2024·CVSS 6.5
CVE-2024-23638 [MEDIUM] CVE-2024-23638: squid - Squid is a caching proxy for the Web. Due to an expired pointer reference bug, S...
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.
Scope: local
bookworm: resolved (fix
OSV
squid vulnerability
osv·2024-04-23·CVSS 7.5
CVE-2023-5824 [HIGH] squid vulnerability
squid vulnerability
USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused
Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled
in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected
and reinstated in this update.
We apologize for the inconvenience.
Original advisory details:
Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)
Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of serv
OSV
squid regression
osv·2024-04-11·CVSS 7.5
CVE-2023-5824 [HIGH] squid regression
squid regression
USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused
Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic
fix has been reverted pending further investigation.
We apologize for the inconvenience.
Original advisory details:
Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)
Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. (CVE-2023-5824)
Joshua Rogers discovered that Squid
OSV
squid vulnerabilities
osv·2024-04-10·CVSS 7.5
CVE-2023-49288 [HIGH] squid vulnerabilities
squid vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled collapsed
forwarding. A remote attacker could possibly use this issue to cause Squid
to crash, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-49288)
Joshua Rogers discovered that Squid incorrectly handled certain structural
elements. A remote attacker could possibly use this issue to cause Squid to
crash, resulting in a denial of service. (CVE-2023-5824)
Joshua Rogers discovered that Squid incorrectly handled Cache Manager error
responses. A remote trusted client can possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2024-23638)
Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked
decoder. A r
OSV
CVE-2024-23638: Squid is a caching proxy for the Web
osv·2024-01-24·CVSS 6.5
CVE-2024-23638 [MEDIUM] CVE-2024-23638: Squid is a caching proxy for the Web
Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patchhttp://www.squid-cache.org/Versions/v6/SQUID-2023_11.patchhttps://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382bhttps://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rxhttps://lists.fedoraproject.org/archives/list/[email protected]/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/https://lists.fedoraproject.org/archives/list/[email protected]/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/https://megamansec.github.io/Squid-Security-Audit/stream-assert.htmlhttps://security.netapp.com/advisory/ntap-20240208-0010/http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patchhttp://www.squid-cache.org/Versions/v6/SQUID-2023_11.patchhttps://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382bhttps://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rxhttps://lists.fedoraproject.org/archives/list/[email protected]/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/https://lists.fedoraproject.org/archives/list/[email protected]/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/https://megamansec.github.io/Squid-Security-Audit/stream-assert.htmlhttps://security.netapp.com/advisory/ntap-20240208-0010/
2024-01-24
Published