USN-6500-1: Squid vulnerabilities

First published: Tue Nov 21 2023(Updated: )

Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. (CVE-2023-46724) Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. (CVE-2023-46728) Keran Mu and Jianjun Chen discovered that Squid incorrectly handled the chunked decoder. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2023-46846) Joshua Rogers discovered that Squid incorrectly handled HTTP Digest Authentication. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-46847) Joshua Rogers discovered that Squid incorrectly handled certain FTP urls. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. (CVE-2023-46848)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/severity
• agent/type
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• agent/references
• agent/title
• agent/description
• agent/event
• agent/trending
• agent/source
• agent/tags
• collector/usn
• source/Ubuntu
• anchor-related/USN-6500-2
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• package-manager/ubuntu
• vendor/ubuntu
• canonical/ubuntu linux
• version/ubuntu linux/23.10
• version/ubuntu linux/23.04
• version/ubuntu linux/22.04
• version/ubuntu linux/20.04