Lucene search

K
mageiaGentoo FoundationMGASA-2024-0126
HistoryApr 12, 2024 - 11:45 p.m.

Updated squid packages fix security vulnerabilities

2024-04-1223:45:19
Gentoo Foundation
advisories.mageia.org
20
squid
use-after-free
denial of service

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%

Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with “collapsed_forwarding on” are vulnerable. Configurations with “collapsed_forwarding off” or without a “collapsed_forwarding” directive are not vulnerable. (CVE-2023-49288) Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. (CVE-2023-5824)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchsquid< 5.9-1.3squid-5.9-1.3.mga9

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.6%