
CVE-2024-45802: CWE-20: Improper Input Validation in squid-cache squid

Severity: High
Type: Vulnerability
Tags: CVE-2024-45802, cve, cve-2024-45802, cwe-20
Published: Mon Oct 28 2024 (10/28/2024, 14:36:13 UTC)
Source: CVE Database V5
Vendor/Project: squid-cache
Product: squid

Description

Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to Input Validation, Premature Release of Resource During Expected Lifetime, and Missing Release of Resource after Effective Lifetime bugs, Squid is vulnerable to Denial of Service attacks by a trusted server against all clients using the proxy. This bug is fixed in the default build configuration of Squid version 6.10.

AI-Powered Analysis

Last updated: 11/03/2025, 21:45:38 UTC

Technical Analysis

CVE-2024-45802 is a vulnerability identified in the widely used open-source caching proxy Squid, affecting versions from 3.0 up to 6.10. The root cause lies in improper input validation (CWE-20) that leads to resource management errors, specifically premature release of resources during their expected lifetime and failure to release resources after their effective lifetime. These bugs enable a trusted server—one that the Squid proxy communicates with—to induce a denial of service (DoS) condition affecting all clients relying on the proxy. The attack vector is network-based, requiring no authentication or user interaction, making it relatively easy to exploit remotely. The vulnerability impacts availability exclusively, as it does not compromise confidentiality or integrity. The flaw is addressed in Squid version 6.10, which includes fixes in the default build configuration. Although no exploits have been observed in the wild, the vulnerability’s characteristics and the critical role of Squid proxies in network infrastructure make it a significant threat. Squid proxies are commonly deployed in enterprise, educational, and governmental networks to cache and filter web traffic, making the disruption of these services potentially impactful on business continuity and user experience.

Potential Impact

For European organizations, the primary impact of CVE-2024-45802 is denial of service, which can disrupt access to web resources for all clients behind a vulnerable Squid proxy. This can lead to significant operational downtime, affecting productivity, especially in sectors heavily reliant on web access such as finance, education, healthcare, and government services. The vulnerability could be exploited by a trusted server within the network or by an attacker who gains control over such a server, potentially causing widespread service outages. Given Squid’s role in caching and filtering traffic, the DoS could also degrade network performance and increase bandwidth costs due to lack of caching efficiency. Although no data confidentiality or integrity is compromised, the availability impact alone can cause reputational damage and financial losses. The lack of required authentication and user interaction increases the risk of exploitation. Organizations using older Squid versions are particularly vulnerable until they apply the patch or upgrade.

Mitigation Recommendations

The most effective mitigation is to upgrade all Squid proxy instances to version 6.10 or later, where the vulnerability is fixed in the default build configuration. Organizations should audit their network to identify all Squid deployments and verify their versions. Network segmentation and strict access controls should be implemented to limit which servers are trusted by the proxy, reducing the attack surface. Monitoring and logging of proxy traffic can help detect unusual patterns indicative of exploitation attempts. Additionally, deploying rate limiting or connection throttling on trusted server connections may mitigate the impact of resource exhaustion attacks. Organizations should also maintain an incident response plan to quickly address potential DoS incidents. Since no known exploits are in the wild, proactive patching and network hygiene remain the best defenses.
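The version audit recommended above can be run over collected `squid -v` banners. The following is an added example, not part of the original record or of the Squid project; the host names, sample banners, and status labels are constructed for illustration, and the thresholds are the 3.0 and 6.10 versions stated on this page.

```python
import re

# From the advisory text: affected from 3.0, fixed in the default build of 6.10.
FIRST_AFFECTED = (3, 0)
FIXED_IN = (6, 10)

VERSION_RE = re.compile(r"^Squid Cache: Version (\d+(?:\.\d+)*)", re.M)
OPTIONS_RE = re.compile(r"^configure options:(.*)$", re.M)


def parse_banner(banner):
    """Return (version_tuple, enable_flags) from `squid -v` output, or (None, [])."""
    m = VERSION_RE.search(banner)
    if not m:
        return None, []
    # Compare numerically per component: as strings or floats, 6.9 sorts after 6.10.
    version = tuple(int(part) for part in m.group(1).split("."))
    opts = OPTIONS_RE.search(banner)
    flags = re.findall(r"'(--enable-[^']*)'", opts.group(1)) if opts else []
    return version, flags


def classify(banner):
    """Return (status, enable_flags); status labels are hypothetical names."""
    version, flags = parse_banner(banner)
    if version is None:
        return "unknown", flags
    if version < FIRST_AFFECTED:
        return "outside-stated-range", flags
    if version < FIXED_IN:
        return "upgrade", flags
    # The fix applies to the default build; non-default --enable-* flags need review.
    return "fixed-if-default-build", flags


def audit(inventory):
    """Return (host, status, flags) rows, most urgent status first."""
    order = {"upgrade": 0, "unknown": 1, "fixed-if-default-build": 2, "outside-stated-range": 3}
    rows = [(host, *classify(banner)) for host, banner in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))


# Constructed sample inventory: host names and banners are illustrative.
SAMPLE = {
    "proxy-a": "Squid Cache: Version 6.9\nService Name: squid\nconfigure options:  '--prefix=/usr' '--enable-ssl-crtd'\n",
    "proxy-b": "Squid Cache: Version 6.10\nService Name: squid\nconfigure options:  '--prefix=/usr'\n",
    "proxy-c": "Squid Cache: Version 3.5.28\nService Name: squid\n",
    "proxy-d": "command not found",
}

if __name__ == "__main__":
    for host, status, flags in audit(SAMPLE):
        print(f"{host:8} {status:24} {' '.join(flags)}")
```

Hosts reported as `fixed-if-default-build` still need their listed `--enable-*` options reviewed, because the page states the fix only for the default build configuration.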


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2024-09-09T14:23:07.504Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6909214ffe7723195e05468d

Added to database: 11/3/2025, 9:40:31 PM

Last enriched: 11/3/2025, 9:45:38 PM

Last updated: 11/3/2025, 10:45:28 PM
