CVE DATABASE / CVE-2023-49286
CVE-2023-49286
CVSS 8.6 · HIGH
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 3.1 breakdown
| Base score | 8.6 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | NONE |
| Integrity | NONE |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Squid-cache squid
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
- https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264
- https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
- https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
- https://security.netapp.com/advisory/ntap-20240119-0004/
Data: NIST NVD. NVD last modified 2024-11-21. Always verify against the vendor advisory before acting.