Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2844914EE251AE14C8400086753D4F98BE902A9C269780315C6DC19053C8D00F
HistoryJul 29, 2024 - 2:29 p.m.

Security Bulletin: IBM Security Guardium is affected by denial of service vulnerabilities (CVE-2023-46728, CVE-2023-49285, CVE-2023-49286)

2024-07-2914:29:29
www.ibm.com
7
ibm security guardium
denial of service
vulnerabilities
cve-2023-46728
cve-2023-49285
cve-2023-49286
update
squid-cache squid
buffer overread
null pointer dereference
fix
11.4
11.5
ibm support fix.

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.9

Confidence

High

JSON

Summary

IBM Security Guardium has addressed these vulnerabilities in an update.

Vulnerability Details

CVEID:CVE-2023-46728
**DESCRIPTION:**Squid-Cache Squid is vulnerable to a denial of service, caused by a NULL pointer dereference flaw in the Gopher gateway. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270768 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2023-49285
**DESCRIPTION:**Squid-Cache Squid is vulnerable to a denial of service, caused by a buffer overread. A remote attacker could exploit this vulnerability to cause a denial of service against Squid HTTP Message processing.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273112 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

CVEID:CVE-2023-49286
**DESCRIPTION:**Squid-Cache Squid is vulnerable to a denial of service, caused by an incorrect check of function return value bug. A remote attacker could exploit this vulnerability to cause a denial of service against its Helper process management.
CVSS Base score: 8.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273111 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security Guardium 11.4
IBM Security Guardium 11.5

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Product Versions ** Fix**
IBM Security Guardium 11.4 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p491_Bundle_Jul-12-2024&includeSupersedes=0&source=fc
IBM Security Guardium 11.5 https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p545_Bundle_Jul-09-2024&includeSupersedes=0&source=fc

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmsecurity_guardiumMatch11.4
OR
ibmsecurity_guardiumMatch11.5
VendorProductVersionCPE
ibmsecurity_guardium11.4cpe:2.3:a:ibm:security_guardium:11.4:*:*:*:*:*:*:*
ibmsecurity_guardium11.5cpe:2.3:a:ibm:security_guardium:11.5:*:*:*:*:*:*:*

Related

oraclelinux 3
nessus 43
almalinux 2
osv 12
rocky 1
redhat 9
openvas 19
cloudlinux 4
redos 1
photon 4
ubuntu 4
debian 2
fedora 2
cve 3
ubuntucve 3
prion 3
debiancve 3
veracode 3
alpinelinux 3
amazon 6
redhatcve 3
cvelist 3
nvd 3
mageia 1
oraclelinux
oraclelinux
squid:4 security update
2024-01-04 00:00:00
squid security update
2024-01-10 00:00:00
squid security update
2024-04-11 00:00:00
nessus
nessus
AlmaLinux 8 : squid:4 (ALSA-2024:0046)
2024-01-04 00:00:00
RHEL 8 : squid:4 (RHSA-2024:0046)
2024-01-03 00:00:00
Rocky Linux 8 : squid:4 (RLSA-2024:0046)
2024-01-09 00:00:00
almalinux
almalinux
Important: squid security update
2024-01-08 00:00:00
Important: squid:4 security update
2024-01-03 00:00:00
osv
osv
Important: squid:4 security update
2024-01-09 04:07:10
Important: squid:4 security update
2024-01-03 00:00:00
Important: squid security update
2024-01-08 00:00:00
rocky
rocky
squid:4 security update
2024-01-09 04:07:10
redhat
redhat
(RHSA-2024:0071) Important: squid security update
2024-01-08 07:56:43
(RHSA-2024:0046) Important: squid:4 security update
2024-01-03 20:53:49
(RHSA-2024:0072) Important: squid security update
2024-01-08 07:56:48
openvas
openvas
openSUSE: Security Advisory for squid (SUSE-SU-2023:4698-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4724-1)
2023-12-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4825-1)
2023-12-15 00:00:00
cloudlinux
cloudlinux
squid: Fix of 2 CVEs
2023-12-21 18:30:15
squid34: Fix of 2 CVEs
2023-12-21 18:27:26
squid34: Fix of CVE-2023-46728
2023-12-13 19:41:17
redos
redos
ROS-20240812-04
2024-08-12 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0701
2023-12-19 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0697
2023-12-06 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0520
2023-11-24 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2024-01-23 00:00:00
Squid vulnerabilities
2024-06-27 00:00:00
Squid vulnerabilities
2023-12-11 00:00:00
debian
debian
[SECURITY] [DLA 3709-1] squid security update
2024-01-09 00:08:19
[SECURITY] [DSA 5637-1] squid security update
2024-03-08 14:36:16
fedora
fedora
[SECURITY] Fedora 39 Update: squid-6.6-1.fc39
2023-12-29 01:14:29
[SECURITY] Fedora 38 Update: squid-6.6-1.fc38
2023-12-29 01:05:39
cve
cve
CVE-2023-49286
2023-12-04 23:15:27
CVE-2023-49285
2023-12-04 23:15:27
CVE-2023-46728
2023-11-06 18:15:08
ubuntucve
ubuntucve
CVE-2023-49285
2023-12-04 00:00:00
CVE-2023-46728
2023-11-06 00:00:00
CVE-2023-49286
2023-12-04 00:00:00
prion
prion
Design/Logic Flaw
2023-12-04 23:15:00
Null pointer dereference
2023-11-06 18:15:00
Design/Logic Flaw
2023-12-04 23:15:00
debiancve
debiancve
CVE-2023-49285
2023-12-04 23:15:27
CVE-2023-49286
2023-12-04 23:15:27
CVE-2023-46728
2023-11-06 18:15:08
veracode
veracode
Denial Of Service (DoS)
2023-12-05 06:23:09
Denial Of Service (DoS)
2023-12-05 06:44:34
Denial Of Service (DoS)
2023-11-10 05:38:32
alpinelinux
alpinelinux
CVE-2023-49286
2023-12-04 23:15:27
CVE-2023-49285
2023-12-04 23:15:27
CVE-2023-46728
2023-11-06 18:15:08
amazon
amazon
Medium: squid
2024-01-03 21:04:00
Important: squid
2024-03-13 20:26:00
Important: squid
2024-01-03 22:37:00
redhatcve
redhatcve
CVE-2023-49285
2023-12-05 12:40:19
CVE-2023-49286
2023-12-05 12:40:20
CVE-2023-46728
2023-11-07 14:37:53
cvelist
cvelist
CVE-2023-49285 Denial of Service in HTTP Message Processing in Squid
2023-12-04 22:56:55
CVE-2023-49286 Denial of Service in Helper Process management
2023-12-04 22:53:44
CVE-2023-46728 SQUID-2021:8 Denial of Service in Gopher gateway
2023-11-06 17:13:45
nvd
nvd
CVE-2023-49285
2023-12-04 23:15:27
CVE-2023-49286
2023-12-04 23:15:27
CVE-2023-46728
2023-11-06 18:15:08
mageia
mageia
Updated squid packages fix security vulnerabilities
2024-03-31 06:27:58

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.9

Confidence

High

JSON
Related for 2844914EE251AE14C8400086753D4F98BE902A9C269780315C6DC19053C8D00F
oraclelinux3nessus43almalinux2osv12rocky1redhat9openvas19cloudlinux4redos1photon4ubuntu4debian2fedora2cve3ubuntucve3prion3debiancve3veracode3alpinelinux3amazon6redhatcve3cvelist3nvd3mageia1