CVE-2023-49285

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

History

19 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240119-0004/ -

09 Jan 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html -

29 Dec 2023, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ -
References () https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 - () https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 - Vendor Advisory
References () http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch - () http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch - Broken Link
References () https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b - () https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b - Patch
References () http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch - () http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch - Broken Link
References () https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470 - () https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470 - Patch
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
First Time Squid-cache squid
Squid-cache
CWE CWE-126 CWE-125

04 Dec 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-04 23:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-49285

Mitre link : CVE-2023-49285

CVE.ORG link : CVE-2023-49285


JSON object : View

Products Affected

squid-cache

  • squid
CWE
CWE-125

Out-of-bounds Read

CWE-126

Buffer Over-read