CVE-2023-49286

HIGH

Squid <6.5 - DoS

Title source: llm

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References (7)

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20240119-0004/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/

[Vendor Advisory] https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27

[Patch] https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264

View Patch ZIP pw:eip

[Broken Link] http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch

Scores

CVSS v3 8.6

EPSS 0.0173

EPSS Percentile 82.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Details

CWE

CWE-754 CWE-253 CWE-617

Status published

Products (1)

squid-cache/squid < 6.4

Published Dec 04, 2023

Tracked Since Feb 18, 2026