45 matches found
CLSA-2026-1777054556 squid: Fix of 2 CVEs
CVE-2022-41317: fix exposure of sensitive cache manager information via non-HTTP URI schemes due to typo in default manager ACL regex - CVE-2023-49288: fix use-after-free in StoreEntry::startWriting reachable via oversized replies with collapsed_forwarding enabled...
CLSA-2025-1761844638 Fix CVE(s): CVE-2023-49288, CVE-2023-5824
SECURITY UPDATE: excessive cached HTTP response header size causing worker process stall or crash - debian/patches/CVE-2023-5824.patch: Refactor serialized HTTP response header handling to prevent cache flow - CVE-2023-5824 SECURITY UPDATE: Use-After-Free in the HTTP Collapsed Forwarding Feature ...
EUVD-2023-53281
Malicious code in bioql PyPI...
CLSA-2025-1741034026 squid: Fix of CVE-2023-49288
CVE-2023-49288: fix Denial of Service in HTTP Collapsed Forwarding...
Mageia: Security Advisory (MGASA-2024-0126)
The remote host is missing an update for the...
MGASA-2024-0126 Updated squid packages fix security vulnerabilities
Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or...
USN-6728-1 squid vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled collapsed forwarding. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2023-49288 Joshua Rogers discovered that Squ...
Important: squid
Issue Overview: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no know...
The vulnerability of the Collapsed Forwarding Handler component in the Squid proxy server allows a hacker to induce a service failure.
The vulnerability of the Collapsed Forwarding Handler component in the Squid proxy server is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
squid: Use-After-Free in the HTTP Collapsed Forwarding Feature
A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely...
SUSE CVE-2023-49288
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
CVE-2023-49288
A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely. Mitigation: To mitigate this issue, lines for the 'collapsed_forwarding' feature have to be removed from your squid.conf...
AZL-32073 CVE-2023-49288 affecting package squid 5.7-5
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
DEBIAN-CVE-2023-49288
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
CVE-2023-49288
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
Design/Logic Flaw
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
CVE-2023-49288
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
UBUNTU-CVE-2023-49288
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...
CVE-2023-49288
CVE-2023-49288 affects Squid: any 3.5–5.9 with collapsed_forwarding on is vulnerable to a Use-After-Free leading to DoS via collapsed forwarding. The fixed version is Squid 6.0.1; if upgrading isn’t possible, remove all collapsed_forwarding lines from squid.conf. Other connected sources confirm m...
CVE-2023-49288 Denial of Service in HTTP Collapsed Forwarding in Squid
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with...