CVE-2023-49286

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

History

19 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240119-0004/ -
  • () https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html -

29 Dec 2023, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ -

08 Dec 2023, 17:30

Type Values Removed Values Added
CWE CWE-253 CWE-754
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
References () https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27 - () https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27 - Vendor Advisory
References () http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch - () http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch - Broken Link
References () https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 - () https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264 - Patch

04 Dec 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-04 23:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-49286

Mitre link : CVE-2023-49286

CVE.ORG link : CVE-2023-49286


JSON object : View

Products Affected

squid-cache

  • squid
CWE
CWE-617

Reachable Assertion

CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-253

Incorrect Check of Function Return Value