Fedora 39 update for squid
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-45802 |
| CWE-ID | CWE-399 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Fedora Operating systems & Components / Operating system squid Operating systems & Components / Operating system package or component |
| Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Resource management error
EUVDB-ID: #VU99355
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-45802
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing ESI response content. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that Squid is acting as reverse proxy where ESI feature has been enabled at build time.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 39
squid: before 6.12-2.fc39
CPE2.3 External linkshttp://bodhi.fedoraproject.org/updates/FEDORA-2024-b73b600af7
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
