PT-2024-1422 · Squid+10 · Squid+11

Joshua Rogers · Published 2024-01-23 · Updated 2026-03-29 · CVE-2024-23638

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Squid versions prior to 6.6
Squid versions 5.0.5 and earlier are assumed to be vulnerable
Squid versions 5.x up to and including 5.9
Squid versions 6.x up to and including 6.5

Description

The issue is an expired pointer reference bug in Squid, a caching proxy for the Web. It allows a trusted client to perform a Denial of Service attack when generating error pages for Client Manager reports. The bug can be exploited by a remote attacker to cause a Denial of Service.

Recommendations

For Squid versions prior to 6.6, update to version 6.6 to resolve the issue.
For Squid versions 5.x up to and including 5.9, update to version 6.6 to resolve the issue.
For Squid versions 6.x up to and including 6.5, update to version 6.6 to resolve the issue.
As a temporary workaround, prevent access to Cache Manager using Squid's main access control: http_access deny manager

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

ALSA-2024:4861
ALSA-2024:9644
ALSA-2024_4861
ALSA-2024_9644
ALT-PU-2024-2157
AZL-34001
BDU:2024-00895
CESA-2024_9644
CVE-2024-23638
DSA-5637-1
GHSA-J49P-553X-48RX
INFSA-2024_4861
INFSA-2024_9644
MGASA-2024-0102
OESA-2024-1124
OPENSUSE-SU-2024:13631-1
RHSA-2024:4861
RHSA-2024:9644
RHSA-2024_4861
RHSA-2024_9644
RLSA-2024:4861
RLSA-2024:9644
ROSA-SA-2025-2595
SUSE-SU-2024:0296-1
SUSE-SU-2024:0298-1
SUSE-SU-2024:0455-1
USN-6728-1
USN-6728-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu