CVE-2023-46728
SQUID-2021:8 Denial of Service in Gopher gateway
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
Squid es un proxy de almacenamiento en caché para la Web que admite HTTP, HTTPS, FTP y más. Debido a un bug de desreferencia de NULL pointer, Squid es vulnerable a un ataque de Denegación de Servicio contra la puerta de enlace Gopher de Squid. El protocolo Gopher siempre está disponible y habilitado en Squid antes de Squid 6.0.1. Es posible recibir respuestas que desencadenen este error desde cualquier servidor Gopher, incluso aquellos sin intenciones maliciosas. La compatibilidad con Gopher se eliminó en la versión 6.0.1 de Squid. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben rechazar todas las solicitudes de URL de Gopher.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-10-25 CVE Reserved
- 2023-11-06 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (7)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 | 2023-12-29 |
URL | Date | SRC |
---|---|---|
https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f | 2023-12-29 | |
https://access.redhat.com/security/cve/CVE-2023-46728 | 2024-04-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2248521 | 2024-04-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | < 6.0.1 Search vendor "Squid-cache" for product "Squid" and version " < 6.0.1" | - |
Affected
|