PT-2023-7926 · Squid+8 · Squid+9

Joshua Rogers · Published 2023-11-22 · Updated 2024-08-12 · CVE-2023-49288

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Squid versions 3.5 through 5.9

Description: Squid is a caching proxy for the Web that supports HTTP, HTTPS, FTP, and more. The affected versions of Squid contain a use-after-free bug that can be triggered through collapsed forwarding and leads to a denial of service. The issue arises only when Squid is configured with "collapsed_forwarding on"; configurations with "collapsed_forwarding off", or without any collapsed_forwarding directive, are not vulnerable.

Recommendations: For Squid versions 3.5 through 5.9, users are advised to upgrade to version 6.0.1 to fix the bug. Users unable to upgrade should remove all collapsed_forwarding lines from squid.conf as a temporary workaround.
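As an added example, not part of the advisory or of the Squid project, the following POSIX shell check applies the two conditions stated above (a Squid version in the 3.5 through 5.9 range and an active "collapsed_forwarding on" directive) so an administrator can decide whether a host needs the upgrade or the workaround. The version range and directive name come from the advisory; the squid.conf path, the sample configuration written to a temporary file, and the "last occurrence of a directive wins" parsing rule are assumptions made for this demonstration.

```shell
#!/bin/sh
# Added example: check a Squid host against the conditions in PT-2023-7926.
# Assumptions: the config to inspect is passed as a path (in production this
# would be /etc/squid/squid.conf), '#' starts a comment, and when a directive
# appears several times the last occurrence is the effective one.

# Return 0 if the squid.conf at $1 has an effective "collapsed_forwarding on",
# 1 otherwise (directive absent or last value is "off").
squid_collapsed_forwarding_enabled() {
    conf="$1"
    state=$(sed -e 's/#.*//' "$conf" \
        | awk 'tolower($1) == "collapsed_forwarding" { v = tolower($2) } END { print v }')
    [ "$state" = "on" ]
}

# Return 0 if Squid version $1 (e.g. "5.9", "4.17", "3.5.28") lies in the
# advisory's affected range 3.5 through 5.9, 1 otherwise.
squid_version_affected() {
    major=$(printf '%s' "$1" | cut -d. -f1 | tr -dc '0-9')
    minor=$(printf '%s' "$1" | cut -d. -f2 | tr -dc '0-9')
    major=${major:-0}
    minor=${minor:-0}
    case "$major" in
        3) [ "$minor" -ge 5 ] ;;   # 3.5 and later 3.x releases
        4) return 0 ;;             # every 4.x release
        5) [ "$minor" -le 9 ] ;;   # up to and including 5.9
        *) return 1 ;;             # older than 3.5, or 6.x and newer
    esac
}

# Return 0 when both conditions hold: version $1 is affected and the
# configuration at $2 has collapsed forwarding switched on.
squid_cve_2023_49288_exposed() {
    squid_version_affected "$1" && squid_collapsed_forwarding_enabled "$2"
}

# Demonstration on a constructed squid.conf (sample content, not a real host).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample configuration
http_port 3128
collapsed_forwarding off
collapsed_forwarding on   # the later line overrides the earlier one
EOF
if squid_cve_2023_49288_exposed "5.9" "$demo_conf"; then
    echo "exposed: affected version with collapsed_forwarding on (upgrade, or remove the directive)"
else
    echo "not exposed by the conditions in this advisory"
fi
rm -f "$demo_conf"
```

The version test deliberately ignores anything after the minor number, since the advisory draws its range by major.minor; the config test strips comments before matching so a commented-out directive is not counted as active.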

Exploit

Fix

DoS

Use After Free

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-9370
AZL-32073
BDU:2023-09004
CESA-2023_7668
CVE-2023-49288
GHSA-RJ5H-46J6-Q2G5
MGASA-2024-0126
OPENSUSE-SU-2024:13631-1
RHSA-2023:7465
RHSA-2023:7668
RHSA-2023_7465
RHSA-2023_7668
USN-6728-1
USN-6728-2
USN-6728-3

Affected Products

Alt Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Squid
Squid Cache
Ubuntu