CVE-2018-1000024

Name: CVE-2018-1000024
Creator: NVD / NIST
Published: 2018-02-09T23:29:00.73+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 8.08%

Last modified Jun 17, 2026

CVE-2018-1000024 is a vulnerability of currently unknown severity. The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. EPSS estimates a 8.08% chance of exploitation in the next 30 days.

Description

The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to 3.5.27, 4.0 to 4.0.22 contains a Incorrect Pointer Handling vulnerability in ESI Response Processing that can result in Denial of Service for all clients using the proxy.. This attack appear to be exploitable via Remote server delivers an HTTP response payload containing valid but unusual ESI syntax.. This vulnerability appears to have been fixed in 4.0.23 and later.

Metrics

EPSS Probability

8.08%

94.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Squid-Cache	Squid	>= 3.0, <= 3.5.27
Squid-Cache	Squid	>= 4.0, <= 4.0.22
Debian	Debian Linux	7.0
Debian	Debian Linux	8.0
Debian	Debian Linux	9.0
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	17.10

References

http://www.squid-cache.org/Advisories/SQUID-2018_1.txtPatch, Vendor Advisory
http://www.squid-cache.org/Versions/Release Notes, Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00001.htmlMailing List, Third Party Advisory
https://usn.ubuntu.com/3557-1/Third Party Advisory
https://usn.ubuntu.com/4059-2/
https://www.debian.org/security/2018/dsa-4122Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2018_1.txtPatch, Vendor Advisory
http://www.squid-cache.org/Versions/Release Notes, Vendor Advisory
https://lists.debian.org/debian-lts-announce/2018/02/msg00001.htmlMailing List, Third Party Advisory
https://usn.ubuntu.com/3557-1/Third Party Advisory
https://usn.ubuntu.com/4059-2/
https://www.debian.org/security/2018/dsa-4122Third Party Advisory

Timeline

Published: Feb 9, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-1000024?

How severe is CVE-2018-1000024?

Severity scoring for CVE-2018-1000024 is pending analysis. The EPSS model estimates a 8.08% probability of exploitation in the next 30 days.

How do I fix CVE-2018-1000024?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000024?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST