← Retour aux CVEs
CVE-2023-49285
HIGH8.6
Description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Details CVE
Score CVSS v3.18.6
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/4/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
squid-cache:squid
Faiblesses (CWE)
CWE-126CWE-125
References
http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch(security-advisories@github.com)
http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch(security-advisories@github.com)
https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b(security-advisories@github.com)
https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470(security-advisories@github.com)
https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html(security-advisories@github.com)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/(security-advisories@github.com)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/(security-advisories@github.com)
https://security.netapp.com/advisory/ntap-20240119-0004/(security-advisories@github.com)
http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch(af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20240119-0004/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.