high
7.5
CWE
755
EPSS
0.991%
Advisory Published
CVE Published
Updated

CVE-2023-5824: Squid: dos against http and https

First published: Tue Oct 24 2023(Updated: )

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.

Credit: secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Squid-Cache Squid<6.4
Redhat Enterprise Linux=6.0
Redhat Enterprise Linux=7.0
Redhat Enterprise Linux=8.0
Redhat Enterprise Linux=9.0
redhat/squid<6.4
6.4
debian/squid<=4.13-10+deb11u3<=5.7-2+deb12u2
6.12-1
<6.4
=6.0
=7.0
=8.0
=9.0

Remedy

https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988

Remedy

https://github.com/squid-cache/squid/commit/57acdb7dcec38605ede048db82b495ba316e6311

Remedy

https://github.com/squid-cache/squid/commit/2f3efe5d9e1c9444cb3f95fc09cbbf52985f37bf

Remedy

https://github.com/squid-cache/squid/commit/18209199f8c330176401eac7ef2deb06ca4389b9

Remedy

https://git.rockylinux.org/staging/rpms/squid/-/blob/r9/SOURCES/squid-5.5-CVE-2023-5824.patch

Remedy

https://git.rockylinux.org/staging/rpms/squid/-/blob/r8-stream-4/SOURCES/squid-4.15-CVE-2023-5824.patch

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the vulnerability ID for this Squid vulnerability?

    The vulnerability ID for this Squid vulnerability is CVE-2023-5824.

  • What is the title of this vulnerability?

    The title of this vulnerability is 'Squid: dos against http and https'.

  • What is the description of this vulnerability?

    The description of this vulnerability is 'Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.'

  • What is the severity rating of this vulnerability?

    The severity rating of this vulnerability is critical (9.6).

  • What software is affected by this vulnerability?

    The affected software is Squid version up to (but not including) 6.4, Redhat Enterprise Linux versions 6.0 to 9.0.

  • Where can I find more information about this vulnerability?

    More information about this vulnerability can be found at the following references: [1](https://access.redhat.com/security/cve/CVE-2023-5824), [2](https://bugzilla.redhat.com/show_bug.cgi?id=2245914), [3](https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203