CVE-2024-25111

8.6 HIGH

📋 TL;DR

CVE-2024-25111 is an uncontrolled recursion vulnerability in Squid's HTTP chunked decoder that allows remote attackers to cause denial of service by sending specially crafted chunked HTTP messages. This affects Squid installations from version 3.5.27 through 6.7. Organizations using Squid as a web proxy or cache server are vulnerable.

💻 Affected Systems

Products:
  • Squid
Versions: 3.5.27 through 6.7
Operating Systems: All operating systems running Squid
Default Config Vulnerable: ⚠️ Yes
Notes: All Squid configurations that process HTTP traffic are vulnerable. The vulnerability is in the core chunked decoder.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage of Squid proxy, disrupting all web traffic and caching services for dependent systems.

🟠

Likely Case

Squid process crashes or becomes unresponsive, requiring manual restart and causing temporary service disruption.

🟢

If Mitigated

Limited impact if Squid is behind load balancers with automatic failover or if traffic can be rerouted.

🌐 Internet-Facing: HIGH - Squid proxies are often internet-facing, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attack requires sending crafted HTTP messages, but no authentication is needed. No public exploit code has been identified yet.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.8

Vendor Advisory: https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc

Restart Required: Yes

Instructions:

1. Download Squid 6.8 from squid-cache.org or apply relevant patch from patch archives.
2. Backup current configuration.
3. Install new version following OS package manager or compile from source.
4. Restart Squid service.

🔧 Temporary Workarounds

No workaround available

The advisory states there is no workaround for this vulnerability

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to Squid instances
  • Deploy WAF or reverse proxy in front of Squid to filter malicious HTTP traffic

🔍 How to Verify

Check if Vulnerable:

Check the Squid version with 'squid -v' or 'squid --version'. If the version is between 3.5.27 and 6.7 inclusive, the system is vulnerable.

Check Version:

squid -v || squid --version

Verify Fix Applied:

After patching, verify version is 6.8 or later with 'squid -v'. Test Squid functionality with normal HTTP traffic.
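The version check above as a script, added here as an example and not taken from the advisory or the Squid project: it parses `squid -v` output and classifies the version against the range this page gives (3.5.27 through 6.7). The function names are hypothetical, and the `Squid Cache: Version X.Y` first-line format is assumed.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
# Range used is the one stated on this page: 3.5.27 through 6.7 affected, 6.8 fixed.
# Caveat: a distribution package may carry a backported fix under an older
# version string, so treat "vulnerable" as "check the package changelog".

# Pull "X.Y[.Z]" out of `squid -v` output ("Squid Cache: Version 6.7 ...").
squid_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^Squid Cache: Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print vulnerable | outside-range | unknown for a dotted version string.
squid_cve_2024_25111_status() {
    case "$1" in
        ''|[!0-9]*|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    # shellcheck disable=SC2086  # intentional split on dots
    set -- $1
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -lt 3 ] || [ "$major" -gt 6 ]; then
        echo outside-range
    elif [ "$major" -eq 3 ] && [ "$minor" -lt 5 ]; then
        echo outside-range
    elif [ "$major" -eq 3 ] && [ "$minor" -eq 5 ] && [ "$patch" -lt 27 ]; then
        echo outside-range
    elif [ "$major" -eq 6 ] && [ "$minor" -ge 8 ]; then
        echo outside-range
    else
        echo vulnerable
    fi
}

# Report on the local install when a squid binary is on PATH.
if command -v squid >/dev/null 2>&1; then
    v=$(squid_version_from_output "$(squid -v 2>/dev/null)")
    echo "squid ${v:-unparsed}: $(squid_cve_2024_25111_status "$v")"
fi
```
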

📡 Detection & Monitoring

Log Indicators:

  • Multiple process crashes/restarts
  • Unusual chunked HTTP requests
  • Memory exhaustion errors in logs

Network Indicators:

  • Unusually large or malformed chunked HTTP requests to Squid ports
  • Traffic patterns causing repeated Squid restarts

SIEM Query:

source="squid" AND ("fatal" OR "crash" OR "restarting")
