Lucene search

Veracode Vulnerability DatabaseVERACODE:44369

HistoryNov 23, 2023 - 11:24 a.m.

Denial Of Service (DoS)

2023-11-2311:24:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of service

libsquid.so

http digest authentication

cpu resources

vulnerability

squid server

7.2 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

90.9%

JSON

libsquid.so is vulnerable to Denial of Service (DoS). The vulnerability occurs when an attacker sends a specially crafted HTTP Digest authentication request to a vulnerable Squid server. The request can cause the server to consume excessive CPU resources, leading to a DoS condition.

CPENameOperatorVersion
libsquid.soeq1.0.0
libsquid.soeq1.0.0

CPE	Name	Operator	Version
	libsquid.so	eq	1.0.0
	libsquid.so	eq	1.0.0

References

www.squid-cache.org/Versions/v6/SQUID-2023_3.patch

access.redhat.com/errata/RHSA-2023:6266

access.redhat.com/errata/RHSA-2023:6267

access.redhat.com/errata/RHSA-2023:6268

access.redhat.com/errata/RHSA-2023:6748

access.redhat.com/errata/RHSA-2023:6801

access.redhat.com/errata/RHSA-2023:6803

access.redhat.com/errata/RHSA-2023:6804

access.redhat.com/errata/RHSA-2023:6805

access.redhat.com/errata/RHSA-2023:6810

access.redhat.com/errata/RHSA-2023:6882

access.redhat.com/errata/RHSA-2023:6884

access.redhat.com/errata/RHSA-2023:7213

access.redhat.com/errata/RHSA-2023:7576

access.redhat.com/errata/RHSA-2023:7578

access.redhat.com/security/cve/CVE-2023-46847

bugzilla.redhat.com/show_bug.cgi?id=2245916

bugzilla.suse.com/show_bug.cgi?id=1216495

github.com/squid-cache/squid/commit/538ad49f1534abcfca1b305faf1b0e2663b6c8da

github.com/squid-cache/squid/pull/1517

github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g

lists.debian.org/debian-lts-announce/2024/01/msg00003.html

security.netapp.com/advisory/ntap-20231130-0002/