CVE-2024-45802

{"id": "CVE-2024-45802", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-10-28T15:15:04.857", "references": [{"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-f975-v7qw-q7hj", "tags": ["Mitigation", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://security.netapp.com/advisory/ntap-20250103-0004/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10."}, {"lang": "es", "value": "Squid es un proxy de almacenamiento en cach\u00e9 de c\u00f3digo abierto para la Web compatible con HTTP, HTTPS, FTP y m\u00e1s. Debido a errores de validaci\u00f3n de entrada, liberaci\u00f3n prematura de recursos durante el tiempo de vida \u00fatil esperado y falta de liberaci\u00f3n de recursos despu\u00e9s del tiempo de vida \u00fatil efectivo, Squid es vulnerable a ataques de denegaci\u00f3n de servicio por parte de un servidor confiable contra todos los clientes que utilicen el proxy. Este error se corrigi\u00f3 en la configuraci\u00f3n de compilaci\u00f3n predeterminada de la versi\u00f3n 6.10 de Squid."}], "lastModified": "2025-01-03T12:15:26.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "269E064C-AAF8-4A48-BBAB-76A37C1A0684", "versionEndExcluding": "6.10", "versionStartIncluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}