exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2024-2511

Status Candidate

Overview

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.

Related Files

OpenSSL Toolkit 3.2.2
Posted Jun 6, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.

Changes: Fixed potential use after free after SSL_free_buffers() is called. Fixed an issue where checking excessively long DSA keys or parameters may be very slow. Fixed unbounded memory growth with session handling in TLSv1.3.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2024-2511, CVE-2024-4603, CVE-2024-4741
SHA-256 | 197149c18d9e9f292c43f0400acaba12e5f52cacfe050f3d199277ea738ec2e7
OpenSSL Toolkit 3.1.6
Posted Jun 6, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.

Changes: Fixed potential use after free after SSL_free_buffers() is called. Fixed an issue where checking excessively long DSA keys or parameters may be very slow. Fixed unbounded memory growth with session handling in TLSv1.3.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2024-2511, CVE-2024-4603, CVE-2024-4741
SHA-256 | 5d2be4036b478ef3cb0a854ca9b353072c3a0e26d8a56f8f0ab9fb6ed32d38d7
OpenSSL Toolkit 3.0.14
Posted Jun 6, 2024
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide.

Changes: Fixed potential use after free after SSL_free_buffers() is called. Fixed an issue where checking excessively long DSA keys or parameters may be very slow. Fixed unbounded memory growth with session handling in TLSv1.3.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2024-2511, CVE-2024-4603, CVE-2024-4741
SHA-256 | eeca035d4dd4e84fc25846d952da6297484afa0650a6f84c682e39df3a4123ca
Red Hat Security Advisory 2024-2822-03
Posted May 13, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2822-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 5b1278591beedae5fcae4e4762e94641b13117bc5eda0f8c60a271d4a510d203
Red Hat Security Advisory 2024-2777-03
Posted May 9, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-2777-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 7821c6c9ca541899232b338cec866aa61d9d0724bed586ec90995cf9e57942b2
Ubuntu Security Notice USN-6728-3
Posted Apr 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-3 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0bf30fb6ffcb2ab3a9eb80bf643a6a374df5e9b1e030e608690f2c194f51ccdd
Red Hat Security Advisory 2024-1833-03
Posted Apr 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1833-03 - An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | a95ed31c82bd71612d723b6a7d8017f4cfb4082fa8e57166627611bd53a4fc87
Red Hat Security Advisory 2024-1832-03
Posted Apr 17, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1832-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | b6b74a258005369d54a23186139b79be63c031bd0748d7fadf5263293b58f8c3
Ubuntu Security Notice USN-6728-2
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-2 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS. The problematic fix has been reverted pending further investigation. Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Cache Manager error responses. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled the HTTP Chunked decoder. A remote attacker could possibly use this issue to cause Squid to stop responding, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP header parsing. A remote trusted client can possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service, vulnerability
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | 0856df025bfcd57e31eb05d1faef083bd5b30608db5b6bb659433042ad64ad67
Ubuntu Security Notice USN-6728-1
Posted Apr 11, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6728-1 - Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. Joshua Rogers discovered that Squid incorrectly handled certain structural elements. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2023-49288, CVE-2023-5824, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | c9a980c32c2ef96069eee9285fdd53c5aa4c12d940c776810cbfff41a398c101
Red Hat Security Advisory 2024-1479-03
Posted Apr 3, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1479-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 270986b08e1ad7734398f895f1b9a609204e621974fb7c301e6a49e1ee2e967d
Red Hat Security Advisory 2024-1515-03
Posted Mar 27, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1515-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2024-25111
SHA-256 | 45eee7bd37815f0599ffab7431b61864e4766be1c41624e6d721caeaeb7496c5
Debian Security Advisory 5642-1
Posted Mar 21, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, php
systems | linux, debian
advisories | CVE-2023-50251, CVE-2023-50252, CVE-2024-25117
SHA-256 | 5e13068f973fafd73dbd6db137d7088337677e0ff95c185b8076cc2a7f0f192f
Debian Security Advisory 5637-1
Posted Mar 8, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

tags | advisory, remote, web, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2023-46724, CVE-2023-46846, CVE-2023-46847, CVE-2023-46848, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close