First published: Mon Dec 04 2023
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a buffer over-read bug, Squid is vulnerable to a denial-of-service attack against its HTTP message processing. This bug is fixed in Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Squid-Cache Squid | <=6.4 | |
debian/squid | <=4.6-1+deb10u7, <=4.13-10+deb11u2, <=5.7-2 | 4.6-1+deb10u10, 4.13-10+deb11u3, 5.7-2+deb12u1, 6.6-1, 6.9-1 |
redhat/squid | <6.5 | 6.5 |
ubuntu/squid | <4.10-1ubuntu1.9 | 4.10-1ubuntu1.9 |
ubuntu/squid | <5.7-0ubuntu0.22.04.3 | 5.7-0ubuntu0.22.04.3 |
ubuntu/squid | <5.7-1ubuntu3.2 | 5.7-1ubuntu3.2 |
ubuntu/squid | <6.1-2ubuntu1.2 | 6.1-2ubuntu1.2 |
ubuntu/squid | <6.5-1ubuntu1 | 6.5-1ubuntu1 |
ubuntu/squid | <6.5-1 | 6.5-1 |
CVE-2023-49285 is a vulnerability in Squid that allows for a Denial of Service attack.
CVE-2023-49285 has a severity rating of 8.6 (high).
CVE-2023-49285 affects Squid versions 6.4 and below.
CVE-2023-49285 can be fixed by upgrading to Squid version 6.5.
There are no known workarounds for CVE-2023-49285.