HIGH✓ PATCH🇬🇧 English

CVE-2023-49285

CVSS 8.6v3.1pub. 2023-12-04upd. 2024-11-21

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Squid Cache Squid

    APP
    Squid-Cache
    ≤ 6.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-33526CRITICAL9.2PL ✓ten sam produkt

Squid: Use-After-Free w obsłudze ruchu ICP umożliwia atak DoS

CVE-2025-62168CRITICAL10.0PL ✓ten sam produkt

Squid: ujawnienie danych uwierzytelniających HTTP przez błędy obsługi

CVE-2025-54574CRITICAL9.3PL ✓ten sam produkt

Heap buffer overflow w Squid podczas przetwarzania URN – możliwy RCE

CVE-2023-46846CRITICAL9.3ten sam produkt

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to...

CVE-2020-15049CRITICAL9.9ten sam produkt

An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Reque...