First published: Tue Oct 24 2023
Description: a) Due to an Improper Handling of Structural Elements bug, Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS clients. b) Due to an Incomplete Filtering of Special Elements bug, Squid is vulnerable to a Denial of Service attack against HTTP and HTTPS clients.
Reference: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
Affected versions: < 6.4
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/squid | <6.4 | 6.4 |
Squid-Cache Squid | <6.4 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
debian/squid | <=4.6-1+deb10u7, <=4.6-1+deb10u10, <=4.13-10+deb11u2, <=4.13-10+deb11u3, <=5.7-2, <=5.7-2+deb12u1 | 6.6-1, 6.9-1 |
ubuntu/squid | <4.10-1ubuntu1.12 | 4.10-1ubuntu1.12 |
ubuntu/squid | <5.7-0ubuntu0.22.04.4 | 5.7-0ubuntu0.22.04.4 |
ubuntu/squid | <6.1-2ubuntu1.3 | 6.1-2ubuntu1.3 |
ubuntu/squid | <6.5-1ubuntu1 | 6.5-1ubuntu1 |
ubuntu/squid | <6.5 | 6.5 |
The vulnerability ID for this Squid vulnerability is CVE-2023-5824.
The title of this vulnerability is 'Squid: dos against http and https'.
The description of this vulnerability is 'Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.'
The severity rating of this vulnerability is critical (9.6).
The affected software is Squid versions up to (but not including) 6.4 and Redhat Enterprise Linux versions 6.0 to 9.0.
More information about this vulnerability can be found at the following references: [1](https://access.redhat.com/security/cve/CVE-2023-5824), [2](https://bugzilla.redhat.com/show_bug.cgi?id=2245914), [3](https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255).