PT-2023-6825 · Openssl+10 · Openssl+11

Joshua Rogers · Published 2023-11-01 · Updated 2026-03-29 · CVE-2023-46724

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Squid versions 3.3.0.1 through 5.9, and 6.0 prior to 6.4, compiled using --with-openssl.

Description: The issue is an Improper Validation of Specified Index bug in Squid that allows a remote server to perform a Denial of Service attack against Squid Proxy by initiating a TLS handshake with a specially crafted SSL certificate in its server certificate chain. The attack is limited to HTTPS and SSL-Bump.

Recommendations: For Squid versions 3.3.0.1 through 5.9, and 6.0 prior to 6.4, update to Squid version 6.4 or apply the patches from Squid's patch archives that fix the issue. If using a prepackaged version of Squid, refer to the package vendor for availability information on updated packages. As a temporary workaround, consider restricting access to HTTPS and SSL-Bump to minimize the risk of exploitation.

Exploit · Fix

DoS · Improper Certificate Validation · Out of bounds Read · Improper Validation of Array Index

Related Identifiers

ALSA-2024:0046
ALSA-2024:0071
ALT-PU-2023-7250
ALT-PU-2023-7254
ALT-PU-2023-7461
ALT-PU-2024-9370
AZL-31838
BDU:2023-07699
CESA-2024_0046
CVE-2023-46724
DSA-5637-1
GHSA-73M6-JM96-C6R3
MGASA-2024-0102
OESA-2023-1794
OPENSUSE-SU-2023_4380-1
OPENSUSE-SU-2024:13398-1
RHSA-2024:0046
RHSA-2024:0071
RHSA-2024:0072
RHSA-2024:0397
RHSA-2024:0771
RHSA-2024:0772
RHSA-2024:0773
RHSA-2024:1153
RHSA-2024:1787
RHSA-2024_0046
RHSA-2024_0071
RHSA-2024_1787
RLSA-2024:0046
ROSA-SA-2024-2477
ROSA-SA-2024-2479
SUSE-SU-2023:4380-1
SUSE-SU-2023:4381-1
SUSE-SU-2023:4384-1
SUSE-SU-2023_4380-1
SUSE-SU-2023_4381-1
SUSE-SU-2023_4384-1
USN-6500-1

Affected Products

Alt Linux
Almalinux
Centos
Linuxmint
Openssl
Red Hat
Red Os
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu