what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2024-25111

Status Candidate

Overview

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.

Related Files

Red Hat Security Advisory 2024-2822-03
Posted May 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2822-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 5b1278591beedae5fcae4e4762e94641b13117bc5eda0f8c60a271d4a510d203
Red Hat Security Advisory 2024-2777-03
Posted May 9, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2777-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 7821c6c9ca541899232b338cec866aa61d9d0724bed586ec90995cf9e57942b2
Ubuntu Security Notice USN-6728-3
Posted Apr 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-3 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0bf30fb6ffcb2ab3a9eb80bf643a6a374df5e9b1e030e608690f2c194f51ccdd
Red Hat Security Advisory 2024-1833-03
Posted Apr 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1833-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | a95ed31c82bd71612d723b6a7d8017f4cfb4082fa8e57166627611bd53a4fc87
Red Hat Security Advisory 2024-1832-03
Posted Apr 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1832-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | b6b74a258005369d54a23186139b79be63c031bd0748d7fadf5263293b58f8c3
Ubuntu Security Notice USN-6728-2
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67
Ubuntu Security Notice USN-6728-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | c9a980c32c2ef96069eee9285fdd53c5aa4c12d940c776810cbfff41a398c101
Red Hat Security Advisory 2024-1479-03
Posted Apr 3, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1479-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 270986b08e1ad7734398f895f1b9a609204e621974fb7c301e6a49e1ee2e967d
Red Hat Security Advisory 2024-1515-03
Posted Mar 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1515-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 45eee7bd37815f0599ffab7431b61864e4766be1c41624e6d721caeaeb7496c5
Debian Security Advisory 5637-1
Posted Mar 8, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

tags | advisory, remote, web, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2023-46724, CVE-2023-46846, CVE-2023-46847, CVE-2023-46848, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7
Page 1 of 1
Back1Next

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    7 Files
  • 23
    May 23rd
    111 Files
  • 24
    May 24th
    27 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close