Due to chunked decoder lenience Squid is vulnerable to Request/Response smuggling attacks when parsing HTTP/1.1 and ICAP messages.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | squid | 2024-04-25 16:04 | ALAS-2024-1933 |
Amazon Linux 2 - Core | squid | 2024-03-27 21:32 | ALAS2-2024-2509 |
Amazon Linux 2023 | squid | 2023-11-09 21:29 | ALAS2023-2023-429 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 8.2 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
NVD | CVSSv3 | 9.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |