CVE-2024-45802
HIGH
squid 3.0-6.9 - Denial of Service via Trusted Server Response
Title source: llm
Description
Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.
References (3)
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20250103-0004/
Mitigation, Third Party Advisory x_refsource_confirm
https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj
Scores
CVSS v3: 7.5
EPSS: 0.4529
EPSS Percentile: 98.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-20
Status: published
Products (1)
squid-cache/squid: 3.0 - 6.10
Published: Oct 28, 2024
Tracked Since: Feb 18, 2026