Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:44587
HistoryDec 07, 2023 - 1:01 a.m.

Use-After-Free

2023-12-0701:01:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
use-after-free
http configuration
malicious attackers
denial-of-service
vulnerability

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

squid is vulnerable to Use-After-Free. The vulnerability occurs due to a HTTP Collapsed Forwarding configuration allowing malicious attackers to crash the Squid process, leading to a denial-of-service (DoS).

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%