What is CVE-2018-1000024?

CVE-2018-1000024 is a vulnerability in the Squid HTTP Caching Proxy that allows for Denial of Service attacks.

How severe is CVE-2018-1000024?

CVE-2018-1000024 has a severity rating of 7.5, indicating a high level of severity.

Which versions of Squid are affected by CVE-2018-1000024?

Squid versions 3.0 to 3.5.27 and 4.0 to 4.0.22 are affected by CVE-2018-1000024.

How can I fix CVE-2018-1000024?

To fix CVE-2018-1000024, update your Squid installation to version 3.5.28 or 4.0.23.

Where can I find more information about CVE-2018-1000024?

You can find more information about CVE-2018-1000024 on the Squid Software Foundation website and the Debian LTS announce mailing list.

Vulnerability/
CVE-2018-1000024

high

7.5

22/1/2018

9/2/2018

21/11/2024

CVE-2018-1000024

First published: Mon Jan 22 2018(Updated: )

Due to incorrect pointer handling, Squid versions 3.x (prior to 3.5.27) and 4.x (prior to 4.0.23) are vulnerable to a denial of service attack when processing ESI responses. This problem allows a remote server delivering certain ESI response syntax to trigger a denial of service for all clients accessing the Squid service. Upstream Advisory: <a href="http://www.squid-cache.org/Advisories/SQUID-2018_1.txt">http://www.squid-cache.org/Advisories/SQUID-2018_1.txt</a> Upstream Patches: <a href="http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch">http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch</a> <a href="http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch">http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch</a>

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Squid-Cache Squid	>=3.0<=3.5.27
Squid-Cache Squid	>=4.0<=4.0.22
Debian Debian Linux	=7.0
Debian Debian Linux	=8.0
Debian Debian Linux	=9.0
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=17.10
redhat/squid	<3.5.28	3.5.28
redhat/squid	<4.0.23	4.0.23
debian/squid		4.13-10+deb11u3 5.7-2+deb12u2 6.12-1

Remedy

http://www.squid-cache.org/Advisories/SQUID-2018_1.txt

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-1000024?
CVE-2018-1000024 is a vulnerability in the Squid HTTP Caching Proxy that allows for Denial of Service attacks.
How severe is CVE-2018-1000024?
CVE-2018-1000024 has a severity rating of 7.5, indicating a high level of severity.
Which versions of Squid are affected by CVE-2018-1000024?
Squid versions 3.0 to 3.5.27 and 4.0 to 4.0.22 are affected by CVE-2018-1000024.
How can I fix CVE-2018-1000024?
To fix CVE-2018-1000024, update your Squid installation to version 3.5.28 or 4.0.23.
Where can I find more information about CVE-2018-1000024?
You can find more information about CVE-2018-1000024 on the Squid Software Foundation website and the Debian LTS announce mailing list.

collector/debian-bugs
alias/CVE-2018-1000024
collector/nvd-index
agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/author
agent/severity
collector/redhat-bugzilla
source/Red Hat
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/references
agent/remedy
agent/tags
agent/description
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
vendor/squid-cache
canonical/squid-cache squid
version/squid-cache squid/3.0
version/squid-cache squid/3.5.27
version/squid-cache squid/4.0
version/squid-cache squid/4.0.22
vendor/debian
canonical/debian debian linux
version/debian debian linux/7.0
version/debian debian linux/8.0
version/debian debian linux/9.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/17.10
package-manager/redhat
package-manager/debian