CVE-2023-49285
Denial of Service in HTTP Message Processing in Squid
Descriptions
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service.
SSVC
- Decision: -
Timeline
- 2023-11-24 CVE Reserved
- 2023-12-04 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
- CWE-126: Buffer Over-read
References (11)
URL | Date | SRC |
---|---|---|
https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 | 2024-01-19 | |
https://access.redhat.com/security/cve/CVE-2023-49285 | 2024-04-11 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2252926 | 2024-04-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Squid-cache | Squid | <= 6.4 | - | Affected |