Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
References
Configurations
History
21 Nov 2024, 08:33
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.6 |
References | () https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 - Vendor Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ - | |
References | () https://security.netapp.com/advisory/ntap-20240119-0006/ - |
19 Jan 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Dec 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Dec 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* | |
References | () https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
04 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-04 23:15
Updated : 2024-11-21 08:33
NVD link : CVE-2023-49288
Mitre link : CVE-2023-49288
CVE.ORG link : CVE-2023-49288
JSON object : View
Products Affected
squid-cache
- squid
CWE
CWE-416
Use After Free