UBUNTU-CVE-2024-23638

Source
https://ubuntu.com/security/CVE-2024-23638
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-23638.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-23638
Published
2024-01-24T00:15:00Z
Modified
2024-10-15T14:12:52Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to cause a Denial of Service when Squid generates error pages for Client Manager reports. Squid versions older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x versions up to and including 5.9 are vulnerable. All Squid-6.x versions up to and including 6.5 are vulnerable. This bug is fixed in Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: http_access deny manager.

Affected packages

Ubuntu:Pro:16.04:LTS / squid3

Package

Name
squid3
Purl
pkg:deb/ubuntu/squid3?arch=src?distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.3.8-1ubuntu16
3.3.8-1ubuntu17
3.5.12-1ubuntu6
3.5.12-1ubuntu7
3.5.12-1ubuntu7.1
3.5.12-1ubuntu7.2
3.5.12-1ubuntu7.3
3.5.12-1ubuntu7.4
3.5.12-1ubuntu7.5
3.5.12-1ubuntu7.6
3.5.12-1ubuntu7.7
3.5.12-1ubuntu7.8
3.5.12-1ubuntu7.9
3.5.12-1ubuntu7.10
3.5.12-1ubuntu7.11
3.5.12-1ubuntu7.12
3.5.12-1ubuntu7.13
3.5.12-1ubuntu7.14
3.5.12-1ubuntu7.15
3.5.12-1ubuntu7.16
3.5.12-1ubuntu7.16+esm1
3.5.12-1ubuntu7.16+esm2
3.5.12-1ubuntu7.16+esm3
3.5.12-1ubuntu7.16+esm4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / squid3

Package

Name
squid3
Purl
pkg:deb/ubuntu/squid3?arch=src?distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.5.23-5ubuntu1
3.5.23-5ubuntu2
3.5.27-1ubuntu1
3.5.27-1ubuntu1.1
3.5.27-1ubuntu1.2
3.5.27-1ubuntu1.3
3.5.27-1ubuntu1.4
3.5.27-1ubuntu1.5
3.5.27-1ubuntu1.6
3.5.27-1ubuntu1.7
3.5.27-1ubuntu1.8
3.5.27-1ubuntu1.9
3.5.27-1ubuntu1.10
3.5.27-1ubuntu1.11
3.5.27-1ubuntu1.12
3.5.27-1ubuntu1.13
3.5.27-1ubuntu1.14
3.5.27-1ubuntu1.14+esm1
3.5.27-1ubuntu1.14+esm2
3.5.27-1ubuntu1.14+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / squid

Package

Name
squid
Purl
pkg:deb/ubuntu/squid?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.10-1ubuntu1.10

Affected versions

4.*

4.8-1ubuntu2
4.8-1ubuntu3
4.9-2ubuntu1
4.9-2ubuntu2
4.9-2ubuntu3
4.9-2ubuntu4
4.10-1ubuntu1
4.10-1ubuntu1.1
4.10-1ubuntu1.2
4.10-1ubuntu1.3
4.10-1ubuntu1.4
4.10-1ubuntu1.5
4.10-1ubuntu1.6
4.10-1ubuntu1.7
4.10-1ubuntu1.8
4.10-1ubuntu1.9

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squid"
        },
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squid-cgi"
        },
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squid-cgi-dbgsym"
        },
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squid-common"
        },
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squid-dbgsym"
        },
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squid-purge"
        },
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squid-purge-dbgsym"
        },
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squidclient"
        },
        {
            "binary_version": "4.10-1ubuntu1.10",
            "binary_name": "squidclient-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / squid

Package

Name
squid
Purl
pkg:deb/ubuntu/squid?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.7-0ubuntu0.22.04.4

Affected versions

4.*

4.13-10ubuntu5

5.*

5.2-1ubuntu1
5.2-1ubuntu3
5.2-1ubuntu4
5.2-1ubuntu4.1
5.2-1ubuntu4.2
5.2-1ubuntu4.3
5.7-0ubuntu0.22.04.1
5.7-0ubuntu0.22.04.2
5.7-0ubuntu0.22.04.3

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid-cgi"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid-cgi-dbgsym"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid-common"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid-dbgsym"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid-openssl"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid-openssl-dbgsym"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid-purge"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squid-purge-dbgsym"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squidclient"
        },
        {
            "binary_version": "5.7-0ubuntu0.22.04.4",
            "binary_name": "squidclient-dbgsym"
        }
    ]
}