PT-2023-7760 · Squid+10 · Squid+11
Joshua Rogers · Published 2023-10-12 · Updated 2026-03-29
CVE-2023-50269
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Squid versions 2.6 through 2.7.STABLE9
Squid versions 3.1 through 5.9
Squid versions 6.0.1 through 6.5
Description
The issue is an Uncontrolled Recursion bug in the Squid caching proxy that allows a remote client to perform a Denial of Service attack against HTTP request parsing. It is triggered by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. The problem lies in the follow_x_forwarded_for() function and its handling of X-Forwarded-For HTTP request headers.
Recommendations
For Squid versions 2.6 through 2.7.STABLE9, update to a version that includes the fix, such as Squid version 6.6, or apply patches from Squid's patch archives.
For Squid versions 3.1 through 5.9, update to a version that includes the fix, such as Squid version 6.6, or apply patches from Squid's patch archives.
For Squid versions 6.0.1 through 6.5, update to Squid version 6.6 or apply patches from Squid's patch archives.
As a temporary workaround, consider disabling the follow_x_forwarded_for feature to minimize the risk of exploitation.
Exploit · Fix · DoS · Uncontrolled Recursion
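An added example, not part of the advisory and not Squid's own code: a small Python checker that applies the affected version ranges and the temporary workaround above to a host. It assumes Squid's documented directive syntax (`follow_x_forwarded_for allow|deny aclname`, default `follow_x_forwarded_for deny all`); the function names and the sample squid.conf are constructed for this example.

```python
import re

# Affected version ranges as stated in the advisory, inclusive (major, minor, patch).
# A large patch bound stands in for "any patch level of that minor release".
AFFECTED_RANGES = [
    ((2, 6, 0), (2, 7, 9)),       # Squid 2.6 through 2.7.STABLE9
    ((3, 1, 0), (5, 9, 10**6)),   # Squid 3.1 through 5.9
    ((6, 0, 1), (6, 5, 10**6)),   # Squid 6.0.1 through 6.5
]

DIRECTIVE = "follow_x_forwarded_for"


def parse_squid_version(text):
    """Map a Squid version string ('5.9', '6.0.1', '2.7.STABLE9') to a
    comparable (major, minor, patch) tuple; the 'STABLE' prefix used by
    the 2.x/3.0 release series is stripped from the patch component."""
    components = []
    for part in text.strip().split(".")[:3]:
        m = re.fullmatch(r"(?:STABLE)?(\d+)", part)
        if m is None:
            raise ValueError(f"unrecognised version component {part!r} in {text!r}")
        components.append(int(m.group(1)))
    while len(components) < 3:
        components.append(0)
    return tuple(components)


def is_affected(version_text):
    """True when the version falls inside one of the advisory's ranges."""
    v = parse_squid_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def _directive_tokens(raw_line):
    """Tokens of a squid.conf line with the trailing comment removed."""
    return raw_line.split("#", 1)[0].split()


def follow_xff_allow_rules(squid_conf_text):
    """Return the follow_x_forwarded_for rules that grant the feature.
    Squid's documented default is 'follow_x_forwarded_for deny all', so the
    vulnerable code path is reachable only when an allow rule is present."""
    return [
        " ".join(tokens)
        for tokens in map(_directive_tokens, squid_conf_text.splitlines())
        if tokens[:2] == [DIRECTIVE, "allow"]
    ]


def apply_workaround(squid_conf_text):
    """Advisory workaround: comment out every allow rule and make sure a
    closing 'deny all' rule exists. The original lines are kept as comments
    so the change is easy to revert once the instance is patched."""
    out, has_deny_all = [], False
    for raw in squid_conf_text.splitlines():
        tokens = _directive_tokens(raw)
        if tokens[:2] == [DIRECTIVE, "allow"]:
            out.append("# disabled for CVE-2023-50269: " + raw)
            continue
        if tokens[:3] == [DIRECTIVE, "deny", "all"]:
            has_deny_all = True
        out.append(raw)
    if not has_deny_all:
        out.append(f"{DIRECTIVE} deny all")
    return "\n".join(out) + "\n"


def assess(version_text, squid_conf_text):
    """Combine both checks into one verdict: a host is exposed only when it
    runs an affected version AND has the feature enabled."""
    allows = follow_xff_allow_rules(squid_conf_text)
    affected = is_affected(version_text)
    return {
        "version_affected": affected,
        "feature_enabled": bool(allows),
        "exposed": affected and bool(allows),
        "allow_rules": allows,
    }


# Constructed sample configuration for this example (not a real deployment).
SAMPLE_CONF = """\
http_port 3128
acl localnet src 10.0.0.0/8
acl lb src 192.0.2.10           # constructed upstream load balancer address
follow_x_forwarded_for allow lb
follow_x_forwarded_for deny all
http_access allow localnet
"""

if __name__ == "__main__":
    for version in ("2.7.STABLE9", "5.9", "6.0.1", "6.5", "6.6"):
        print(f"Squid {version}: affected={is_affected(version)}")
    print(assess("6.5", SAMPLE_CONF))
    print(apply_workaround(SAMPLE_CONF))
```

The version parser treats a bare minor release such as `5.9` as patch level 0 and the advisory's upper bounds as "any patch level", which is why `6.0` is reported as not affected while `6.0.1` is. The hardening step is deliberately conservative: it never deletes the operator's rules, only comments them out and guarantees the `deny all` default is explicit.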
Affected Products
Alt Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
Squid
Squid Cache
SUSE
Ubuntu