CVE-2023-49286
HIGH
squid < 6.4 - Denial of Service via Helper Process Management
Title source: llm
Description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug, Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References (7)
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240119-0004/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
Vendor Advisory x_refsource_confirm
https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
Patch x_refsource_misc
https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264
Broken Link x_refsource_misc
http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
Scores
CVSS v3
8.6
EPSS
0.1035
EPSS Percentile
95.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-754
CWE-253
CWE-617
Status
published
Products (1)
squid-cache/squid
< 6.4
Published
Dec 04, 2023
Tracked Since
Feb 18, 2026