Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2023-50269
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-14 Dec, 2023 | 17:09
Updated At-21 May, 2025 | 14:31
Rejected At-
▼CVE Numbering Authority (CNA)
SQUID-2023:10 Denial of Service in HTTP Request parsing

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Affected Products
Vendor
Squid Cachesquid-cache
Product
squid
Versions
Affected
  • >= 2.6, <= 2.7.STABLE9
  • >= 3.1, <= 5.9
  • >= 6.0.1, < 6.6
Problem Types
TypeCWE IDDescription
CWECWE-674CWE-674: Uncontrolled Recursion
Metrics
VersionBase scoreBase severityVector
3.18.6HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
x_refsource_CONFIRM
http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch
x_refsource_MISC
http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
N/A
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
N/A
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
N/A
https://security.netapp.com/advisory/ntap-20240119-0005/
N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
x_refsource_CONFIRM
x_transferred
http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch
x_refsource_MISC
x_transferred
http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch
x_refsource_MISC
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
x_transferred
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
x_transferred
https://security.netapp.com/advisory/ntap-20240119-0005/
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found