PT-2023-8983 · Squid+9 · Squid+10

Joshua Rogers · Published 2023-10-12 · Updated 2025-10-06 · CVE-2024-25617
CVSS v2.0: 7.8 (High) · Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Squid versions prior to 6.5
Description: Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug (CWE-182), Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. A remote client or a remote server can trigger the Denial of Service by sending oversized headers in HTTP messages, so the exposure covers both untrusted clients and any origin server a client can make the proxy contact. The squid.conf directives request_header_max_size and reply_header_max_size control how large a header Squid accepts. In versions prior to 6.5 the issue is exploitable if these settings are unchanged from the default; in Squid 6.5 and later the default setting of these parameters is safe.
Recommendations: Upgrade to Squid 6.5 or later, where the default settings are safe. Distribution packages may carry the fix as a backport without a 6.5 version number; consult the vendor advisories listed under Related Identifiers for the fixed package versions. For versions prior to 6.5 that cannot be upgraded immediately, set request_header_max_size and reply_header_max_size explicitly in squid.conf to safe values rather than relying on the built-in default. Squid 6.5 and later emit a critical warning in cache.log when an administrator sets these directives to unsafe values but still accept the configuration, so checking cache.log after a configuration change catches a misconfiguration; it is not a mitigation on its own, because watching the log does not stop the attack.
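The exposure condition above (pre-6.5 release and either header-size directive left at its built-in default) is mechanical enough to check from squid.conf and the running version. The following audit script is an added example written for this page, not code from the Squid project or the advisory. It assumes the long-standing squid.conf.documented default of 64 KB for both directives, treats a unit-less size as bytes (Squid's own parser requires a unit), treats "#" anywhere on a line as the start of a comment, and cannot see distribution backports, so a "vulnerable" verdict for a packaged 5.x or 6.4 should be cross-checked against the vendor advisories listed below.

```python
import re

# Size units accepted by squid.conf for byte-sized directives.
UNITS = {"bytes": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}

# Assumption: built-in default for both directives per squid.conf.documented
# (Squid 3.x through 6.x) is 64 KB.
DEFAULT_HEADER_MAX = 64 * 1024

DIRECTIVES = ("request_header_max_size", "reply_header_max_size")
FIXED_VERSION = (6, 5)  # CVE-2024-25617: default limits are safe from 6.5 on

# Constructed sample squid.conf, not from any real deployment: one directive is
# set explicitly (to the same value as the default), the other is left unset.
SAMPLE_CONF = """\
# constructed sample squid.conf
http_port 3128
request_header_max_size 64 KB   # explicit, same value as the default
# reply_header_max_size deliberately left unset: squid uses its built-in default
cache_dir ufs /var/spool/squid 100 16 256
"""


def parse_size(token: str) -> int:
    """Convert a squid.conf size such as '64 KB' to bytes.

    Assumption: a unit-less value is read as bytes (squid itself rejects it).
    """
    m = re.fullmatch(r"(\d+)\s*([A-Za-z]*)", token.strip())
    if not m:
        raise ValueError(f"unparseable size: {token!r}")
    number, unit = m.group(1), (m.group(2) or "bytes").lower()
    if unit not in UNITS:
        raise ValueError(f"unknown size unit: {token!r}")
    return int(number) * UNITS[unit]


def header_limits(conf_text: str) -> dict:
    """Return {directive: (limit_in_bytes, explicitly_set)} for both directives.

    The last occurrence of a directive wins, matching how squid treats a
    repeated single-value directive. Unset directives report the default.
    """
    limits = {d: (DEFAULT_HEADER_MAX, False) for d in DIRECTIVES}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in DIRECTIVES:
            limits[parts[0]] = (parse_size(parts[1]), True)
    return limits


def parse_version(version: str) -> tuple:
    """'6.4' or '5.9-2ubuntu1' -> (6, 4) / (5, 9). Backports are invisible here."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised squid version: {version!r}")
    return (int(m.group(1)), int(m.group(2)))


def assess(conf_text: str, version: str) -> str:
    """Classify exposure to CVE-2024-25617 from squid.conf text and a version.

    'fixed-release'              : 6.5 or later, defaults are safe
    'vulnerable-default-limits'  : pre-6.5 and at least one directive at default
    'unverified-explicit-limits' : pre-6.5, both directives set; check the values
    """
    limits = header_limits(conf_text)
    at_default = [d for d, (_, explicit) in limits.items() if not explicit]
    if parse_version(version) >= FIXED_VERSION:
        return "fixed-release"
    if at_default:
        return "vulnerable-default-limits"
    return "unverified-explicit-limits"


if __name__ == "__main__":
    for directive, (limit, explicit) in header_limits(SAMPLE_CONF).items():
        print(f"{directive}: {limit} bytes ({'explicit' if explicit else 'default'})")
    for ver in ("5.9-2ubuntu1", "6.4", "6.5"):
        print(f"squid {ver}: {assess(SAMPLE_CONF, ver)}")
```

Feed it the real squid.conf and the output of squid -v; a "vulnerable-default-limits" verdict on a pre-6.5 build means the header limits are whatever the binary shipped with, which is exactly the condition the advisory describes.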

Exploit

Fix

RCE

DoS

Resource Exhaustion

Weakness Enumeration

CWE-182: Collapse of Data into Unsafe Value

Related Identifiers

ALSA-2024:1375
ALSA-2024:1376
AZL-42503
BDU:2024-02844
CESA-2024:1375
CVE-2024-25617
DSA-5637-1
GHSA-h5x6-w8mv-xfpr
MGASA-2024-0102
OESA-2024-1162
OPENSUSE-SU-2024:13757-1
OPENSUSE-SU-2024:1113-1
RHSA-2024:1062
RHSA-2024:1066
RHSA-2024:1184
RHSA-2024:1375
RHSA-2024:1376
RHSA-2024:1787
RHSA-2024:1832
RHSA-2024:1833
RHSA-2024:2777
ROSA-SA-2024-2479
SUSE-SU-2024:1113-1
SUSE-SU-2024:1114-1
SUSE-SU-2024:1115-1
USN-6728-1
USN-6728-2
USN-6857-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu