Lucene search

K
oraclelinuxOracleLinuxELSA-2024-0046
HistoryJan 04, 2024 - 12:00 a.m.

squid:4 security update

2024-01-0400:00:00
linux.oracle.com
13
squid
security
update
ssl
dos
gopher protocol
http
buffer over-read

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%

libecap
squid
[7:4.15-7.5]

  • Fix squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
  • Fix squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
  • Fix squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
  • Fix squid: Incorrect Check of Function Return Value In Helper Process management(CVE-2023-49286)
    [7:4.15-7.3]
  • Fix squid: DoS against HTTP and HTTPS (CVE-2023-5824)
    [7:4.15-7.1]
  • Resolves: RHEL-14801 - squid: squid: Denial of Service in HTTP Digest
    Authentication
  • Resolves: RHEL-14776 - squid: squid: Request/Response smuggling in HTTP/1.1
    and ICAP

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.1 High

AI Score

Confidence

Low

0.019 Low

EPSS

Percentile

88.7%