Denial Of Service

2024-01-1316:03:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

squid

buster

uncontrolled recursion

remote attacker

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.1%

JSON

squid:buster is vulnerable to Denial Of Service. The vulnerability due to an Uncontrolled Recursion bug configured by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature. It allows a remote attacker to perform Denial of Service attack.

CPENameOperatorVersion
squid:bustereq4.6-1+deb10u6
squid:bustereq4.6-1+deb10u4
squid:bustereq4.6-1+deb10u6
squid:bustereq4.6-1+deb10u4
squid:sideq4.13-6
squid:sideq4.13-1
squid:3.19eq6.4-r0
squid:3.19eq6.5-r0
squid:edgeeq6.2-r0
squid:edgeeq6.3-r0

Name	Operator	Version
squid:buster	eq	4.6-1+deb10u6
squid:buster	eq	4.6-1+deb10u4
squid:buster	eq	4.6-1+deb10u6
squid:buster	eq	4.6-1+deb10u4
squid:sid	eq	4.13-6
squid:sid	eq	4.13-1
squid:3.19	eq	6.4-r0
squid:3.19	eq	6.5-r0
squid:edge	eq	6.2-r0
squid:edge	eq	6.3-r0