First published: Mon Dec 04 2023
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug, Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed in Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Squid-Cache Squid | <=6.4 | |
debian/squid | <=4.6-1+deb10u7, <=4.13-10+deb11u2, <=5.7-2 | 4.6-1+deb10u10, 4.13-10+deb11u3, 5.7-2+deb12u1, 6.6-1, 6.9-1 |
redhat/squid | <6.5 | 6.5 |
ubuntu/squid | <4.10-1ubuntu1.9 | 4.10-1ubuntu1.9 |
ubuntu/squid | <5.7-0ubuntu0.22.04.3 | 5.7-0ubuntu0.22.04.3 |
ubuntu/squid | <5.7-1ubuntu3.2 | 5.7-1ubuntu3.2 |
ubuntu/squid | <6.1-2ubuntu1.2 | 6.1-2ubuntu1.2 |
ubuntu/squid | <6.5-1ubuntu1 | 6.5-1ubuntu1 |
ubuntu/squid | <6.5-1 | 6.5-1 |
CVE-2023-49286 is a vulnerability in Squid, a caching proxy for the Web, that allows for a Denial of Service attack against its Helper process management.
The severity of CVE-2023-49286 is high, with a severity value of 8.6.
CVE-2023-49286 affects Squid versions up to and including 6.4.
CVE-2023-49286 can be fixed by upgrading to Squid version 6.5 or later.
More information about CVE-2023-49286 can be found in the following references: [GitHub Advisory](https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27), [GitHub Commit](https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264), [Squid Patch](http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch).