Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-49285
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-04 Dec, 2023 | 22:56
Updated At-13 Feb, 2025 | 17:18
Rejected At-
▼CVE Numbering Authority (CNA)
Denial of Service in HTTP Message Processing in Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected Products
Vendor
Squid Cachesquid-cache
Product
squid
Versions
Affected
  • >= 2.2, < 6.5
Problem Types
TypeCWE IDDescription
CWECWE-126CWE-126: Buffer Over-read
Metrics
VersionBase scoreBase severityVector
3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9
x_refsource_CONFIRM
https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b
x_refsource_MISC
https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470
x_refsource_MISC
http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch
x_refsource_MISC
http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
N/A
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
N/A
https://security.netapp.com/advisory/ntap-20240119-0004/
N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9
x_refsource_CONFIRM
x_transferred
https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b
x_refsource_MISC
x_transferred
https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470
x_refsource_MISC
x_transferred
http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch
x_refsource_MISC
x_transferred
http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch
x_refsource_MISC
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
x_transferred
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
x_transferred
https://security.netapp.com/advisory/ntap-20240119-0004/
x_transferred
Details not found