CVE-2023-49286
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.019 Low
EPSS
Percentile
88.7%
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected configurations
References
www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264
github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
lists.debian.org/debian-lts-announce/2024/01/msg00003.html
lists.fedoraproject.org/archives/list/[email protected]/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
lists.fedoraproject.org/archives/list/[email protected]/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
security.netapp.com/advisory/ntap-20240119-0004/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.019 Low
EPSS
Percentile
88.7%