CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.004 Low
Percentile: 72.8%
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a denial-of-service attack against Squid’s Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests.
To mitigate this issue, create an access list configuration that rejects all gopher URL requests.
Set the ACL directives in your squid.conf file (or equivalent) as follows:
acl gopher proto gopher
http_access deny gopher
Important: This sequence must be placed above any lines starting with "http_access allow" in your configuration.
Observation: Some loss of performance may occur with this configuration.
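The ordering requirement above can be checked mechanically. The following is an added example, not part of the advisory or of Squid: the function name and sample configurations are constructed, and it assumes a single configuration file with no include directives and treats everything after "#" as a comment.

```python
def check_gopher_block(conf_text):
    """Return (ok, reason) for the text of a squid.conf file."""
    gopher_acls = set()  # ACL names whose proto list includes gopher
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments (simplified)
        if not tokens:
            continue
        if tokens[0] == "acl" and len(tokens) >= 4 and tokens[2] == "proto":
            if any(v.lower() == "gopher" for v in tokens[3:]):
                gopher_acls.add(tokens[1])
        elif tokens[0] == "http_access" and len(tokens) >= 3:
            action, conds = tokens[1], tokens[2:]
            # Conditions on one line are ANDed, so only a rule whose sole
            # condition is the gopher ACL rejects every gopher request.
            if action == "deny" and len(conds) == 1 and conds[0] in gopher_acls:
                return True, f"line {lineno}: gopher denied before any allow rule"
            if action == "allow":
                return False, f"line {lineno}: allow rule precedes the gopher deny"
    return False, "no http_access deny rule for a gopher proto ACL"


# Constructed sample configurations (not taken from a real deployment)
GOOD = """acl localnet src 10.0.0.0/8  # constructed sample
acl gopher proto gopher
http_access deny gopher
http_access allow localnet
http_access deny all
"""
BAD_ORDER = """acl localnet src 10.0.0.0/8
acl gopher proto gopher
http_access allow localnet
http_access deny gopher
http_access deny all
"""

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD_ORDER", BAD_ORDER)):
        print(name, check_gopher_block(conf))
```

The check looks only for the specific rule pair given in this advisory; a configuration that blocks gopher by other means will be reported as not matching.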