CVE-2018-1000024
squid3 - security update
7.5 HIGH (CVSS 3.1)
EPSS 9.2%
Description
The Squid Software Foundation Squid HTTP Caching Proxy versions 3.0 to 3.5.27 and 4.0 to 4.0.22 contain an Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy. The attack appears to be exploitable via a remote server delivering an HTTP response payload containing valid but unusual ESI syntax. This vulnerability appears to have been fixed in 4.0.23 and later.
How to fix CVE-2018-1000024
To remediate CVE-2018-1000024, upgrade the affected package to a fixed version below.
- Upgrade to 3.5.27-r2 or later
- Upgrade to 4.1-1 or later
- Upgrade to 3.1.20-2.2+deb7u8 or later
- Upgrade to 3.4.8-6+deb8u5 or later
Is CVE-2018-1000024 being exploited?
Moderate — EPSS is 9.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (4)
- from 0, < 3.5.27-r2
- from 0, < 4.1-1
- from 0, < 3.1.20-2.2+deb7u8
- from 0, < 3.4.8-6+deb8u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |