Unrated severityNVD Advisory· Published Mar 6, 2024· Updated Nov 3, 2025
SQUID-2024:1 Denial of Service in HTTP Chunked Decoding
CVE-2024-25111
Description
Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
23- osv-coords21 versionspkg:rpm/almalinux/libecappkg:rpm/almalinux/libecap-develpkg:rpm/almalinux/squidpkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweedpkg:rpm/suse/squid&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/squid&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/squid&distro=SUSE%20Manager%20Server%204.3
< 1.0.1-2.module_el8.6.0+2741+01592ae8+ 20 more
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 7:4.15-7.module_el8.9.0+3749+dbf371ed.10
- (no CPE)range: < 5.7-150400.3.26.1
- (no CPE)range: < 6.8-1.1
- (no CPE)range: < 4.17-150000.5.52.1
- (no CPE)range: < 4.17-150000.5.52.1
- (no CPE)range: < 4.17-150000.5.52.1
- (no CPE)range: < 5.7-150400.3.26.1
- (no CPE)range: < 5.7-150400.3.26.1
- (no CPE)range: < 5.7-150400.3.26.1
- (no CPE)range: < 4.17-4.44.1
- (no CPE)range: < 4.17-150000.5.52.1
- (no CPE)range: < 4.17-150000.5.52.1
- (no CPE)range: < 5.7-150400.3.26.1
- (no CPE)range: < 4.17-4.44.1
- (no CPE)range: < 4.17-150000.5.52.1
- (no CPE)range: < 4.17-150000.5.52.1
- (no CPE)range: < 5.7-150400.3.26.1
- (no CPE)range: < 5.7-150400.3.26.1
- (no CPE)range: < 5.7-150400.3.26.1
- Range: >= 3.5.27, < 6.8
Patches
Vulnerability mechanics
Synthesis attempt was rejected by the grounding validator. Re-run pending.
References
5- www.squid-cache.org/Versions/v6/SQUID-2024_1.patchmitrex_refsource_MISC
- github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxcmitrex_refsource_CONFIRM
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7R4KPSO3MQT3KAOZV7LC2GG3CYMCGK7H/mitre
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWQHRDRHDM5PQTU6BHH4C5KGL37X6TVI/mitre
- security.netapp.com/advisory/ntap-20240605-0001/mitre
News mentions
0No linked articles in our index yet.