PT-2023-8819 · Squid+11 · Squid+12

Joshua Rogers · Published 2023-10-12 · Updated 2025-04-10 · CVE-2024-25111

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Squid versions 3.5.27 through 6.7

Description: The issue is an uncontrolled recursion bug in the HTTP chunked decoder, which can lead to a denial of service. A remote attacker can trigger it by sending a crafted chunked-encoded HTTP message. The bug manifests as a stack overflow caused by the uncontrolled recursion while such messages are being processed.

Recommendations: For Squid versions 3.5.27 through 6.7, update to version 6.8 or apply the patches from Squid's patch archives. There is currently no workaround for this issue, so updating or patching is the only resolution.

Exploit · Fix · DoS · Stack Overflow · Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALSA-2024:1375
ALSA-2024:1376
ALSA-2024_1375
ALSA-2024_1376
ALT-PU-2024-9370
ALT-PU-2024-9439
ALT-PU-2024-9442
AZL-42511
BDU:2024-02061
CESA-2024_1375
CVE-2024-25111
DLA-4083-1
DSA-5637-1
GHSA-72C2-C3WM-8QXC
MGASA-2024-0102
OESA-2024-2060
OESA-2024-2206
OESA-2024-2207
OESA-2024-2208
OESA-2024-2209
OPENSUSE-SU-2024:13757-1
OPENSUSE-SU-2024_1113-1
RHSA-2024:1375
RHSA-2024:1376
RHSA-2024:1479
RHSA-2024:1515
RHSA-2024:1832
RHSA-2024:1833
RHSA-2024:2777
RHSA-2024:2822
RHSA-2024_1375
RHSA-2024_1376
SUSE-SU-2024:1113-1
SUSE-SU-2024:1114-1
SUSE-SU-2024:1115-1
SUSE-SU-2024_1113-1
SUSE-SU-2024_1114-1
SUSE-SU-2024_1115-1
USN-6728-1
USN-6728-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu