CVE-2024-23638

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 24, 2024
Updated: Apr 25, 2024
CWE ID 672
CWE ID 825

Summary

CVE-2024-23638 is a Denial of Service vulnerability affecting Squid, a widely used caching proxy for the Web. Squid versions prior to 6.6 contain an expired pointer reference bug that allows a trusted client to trigger error responses, leading to a Denial of Service condition. Squid versions older than 5.0.5 have not been tested and are presumed vulnerable. Specifically, all Squid-5.x up to and including 5.9, as well as all Squid-6.x up to and including 6.5, are at risk. This issue is resolved in Squid version 6.6, and patches for the stable releases can be found in Squid's patch archives. A workaround involves denying access to Cache Manager using Squid's main access control: `http_access deny manager`.
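The following check is an added example, not code from this page or from the Squid project. It treats every release before 6.6 as affected, as the summary states, and tests whether `http_access deny manager` is evaluated before any `allow` rule, since Squid stops at the first matching `http_access` line. Function names and sample configurations are constructed for illustration; `include` files are not followed.

```python
# Constructed sample configs (not taken from any real deployment).
DEFAULT_STYLE = """\
http_access deny !Safe_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access deny all
"""
HARDENED = """\
http_access deny !Safe_ports
http_access deny manager   # workaround placed before every allow
http_access allow localnet
http_access deny all
"""

def is_affected(version):
    """Per the summary: every release before 6.6 is treated as affected."""
    major, minor = (int(p) for p in version.split(".")[:2])
    return (major, minor) < (6, 6)

def manager_workaround_applied(conf_text):
    """Return (ok, reason). Conservative: any allow rule that is evaluated
    before an unconditional `deny manager` is reported, because it may
    match a Cache Manager request first."""
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 3 or parts[0] != "http_access":
            continue
        action, acls = parts[1], parts[2:]
        if action == "deny" and acls == ["manager"]:
            return True, f"line {lineno}: deny manager precedes every allow rule"
        if action == "allow":
            return False, f"line {lineno}: allow rule evaluated before deny manager"
    return False, "no 'http_access deny manager' rule found"

def assess(version, conf_text):
    """Combine the version range and the workaround check into one status."""
    if not is_affected(version):
        return "fixed"
    return "mitigated" if manager_workaround_applied(conf_text)[0] else "exposed"

if __name__ == "__main__":
    for name, conf in (("default-style", DEFAULT_STYLE), ("hardened", HARDENED)):
        print(name, assess("6.5", conf), manager_workaround_applied(conf)[1])
```

A configuration that keeps `http_access allow localhost manager` above the deny is reported as exposed, because local clients can still reach Cache Manager.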
