CloudLinux CLSA-2023:1703183411
Dec 21, 2023 - 6:30 p.m.

squid: Fix of 2 CVEs

2023-12-21 18:30:15
repo.cloudlinux.com
cve-2023-49285
buffer overread
rfc 1123
cve-2023-49286
dos attack
helper process management
unix

CVSS3: 8.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score: 7.3 High (Confidence: Low)

EPSS: 0.019 Low (Percentile: 88.7%)

  • CVE-2023-49285: Fix date parsing in RFC 1123 to prevent Buffer OverRead
  • CVE-2023-49286: Fix DoS attack against Helper process management

OS      Version  Architecture  Package  Version   Filename
Centos  6        x86_64        squid    < 3.1.23  squid-3.1.23-30.el6.tuxcare.els10.src.rpm
