CVE-2023-5824 – Squid: dos against http and https
https://notcve.org/view.php?id=CVE-2023-5824
Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. Squid es vulnerable a ataques de Denegación de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales. A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service. • https://access.redhat.com/errata/RHSA-2023:7465 https://access.redhat.com/errata/RHSA-2023:7668 https://access.redhat.com/errata/RHSA-2024:0072 https://access.redhat.com/errata/RHSA-2024:0397 https://access.redhat.com/errata/RHSA-2024:0771 https://access.redhat.com/errata/RHSA-2024:0772 https://access.redhat.com/errata/RHSA-2024:0773 https://access.redhat.com/errata/RHSA-2024:1153 https://access.redhat.com/security/cve/CVE-2023-5824 https://bugzilla.redhat.com/show • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2023-46846 – Squid: request/response smuggling in http/1.1 and icap
https://notcve.org/view.php?id=CVE-2023-46846
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. SQUID es vulnerable al contrabando de solicitudes HTTP, causado por la indulgencia de los decodificadores fragmentados, lo que permite a un atacante remoto realizar el contrabando de solicitudes/respuestas a través del firewall y los sistemas de seguridad frontales. • https://access.redhat.com/errata/RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6267 https://access.redhat.com/errata/RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6801 https://access.redhat.com/errata/RHSA-2023:6803 https://access.redhat.com/errata/RHSA-2023:6804 https://access.redhat.com/errata/RHSA-2023:6810 https://access.redhat.com/errata/RHSA-2023:7213 https://access.redhat.com/security/cve • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2023-38473 – Reachable assertion in avahi_alternative_host_name
https://notcve.org/view.php?id=CVE-2023-38473
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Se encontró una vulnerabilidad en Avahi. Existe una afirmación alcanzable en la función avahi_alternative_host_name(). • https://access.redhat.com/security/cve/CVE-2023-38473 https://bugzilla.redhat.com/show_bug.cgi?id=2191694 • CWE-617: Reachable Assertion •
CVE-2023-38472 – Reachable assertion in avahi_rdata_parse
https://notcve.org/view.php?id=CVE-2023-38472
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Se encontró una vulnerabilidad en Avahi. Existe una afirmación alcanzable en la función avahi_rdata_parse(). • https://access.redhat.com/security/cve/CVE-2023-38472 https://bugzilla.redhat.com/show_bug.cgi?id=2191692 • CWE-617: Reachable Assertion •
CVE-2023-38471 – Reachable assertion in dbus_set_host_name
https://notcve.org/view.php?id=CVE-2023-38471
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. Se encontró una vulnerabilidad en Avahi. Existe una afirmación alcanzable en la función dbus_set_host_name. • https://access.redhat.com/security/cve/CVE-2023-38471 https://bugzilla.redhat.com/show_bug.cgi?id=2191691 • CWE-617: Reachable Assertion •