REDHAT-BUG-2451577: Use After Free
Squid is a caching proxy for the Web. Prior to version 7.5, due to premature release of resource during expected lifetime and heap Use-After-Free bugs, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to perform a reliable and repeatable Denial of Service attack against the Squid service using ICP protocol. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero icpport). This problem cannot be mitigated by denying ICP queries using icpaccess rules. This bug is fixed in Squid version 7.5.
Affected Software
Event History
Frequently Asked Questions
What is the severity of REDHAT-BUG-2451577?
The severity of REDHAT-BUG-2451577 is categorized as a Denial of Service vulnerability.
How do I fix REDHAT-BUG-2451577?
To fix REDHAT-BUG-2451577, upgrade Squid to version 7.5 or later.
What kind of attack does REDHAT-BUG-2451577 allow?
REDHAT-BUG-2451577 allows a remote attacker to conduct a Denial of Service attack when handling ICP traffic.
Which versions of Squid are affected by REDHAT-BUG-2451577?
Squid versions prior to 7.5 are affected by REDHAT-BUG-2451577.
Can REDHAT-BUG-2451577 be exploited remotely?
Yes, REDHAT-BUG-2451577 can be exploited by a remote attacker.