PT-2023-8580 · Squid

Joshua Rogers · Published 2023-09-26 · Updated 2025-09-27 · CVE-2023-46728

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Squid versions prior to 6.0.1

Description

The issue is a NULL pointer dereference bug in Squid's Gopher gateway, which makes Squid vulnerable to a Denial of Service attack. The gopher protocol is always available and enabled in Squid prior to version 6.0.1. Responses that trigger this bug can be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1.

Recommendations

Users of Squid versions prior to 6.0.1 are advised to upgrade to version 6.0.1 or later to resolve the issue. As a temporary workaround, users who are unable to upgrade should reject all gopher URL requests to minimize the risk of exploitation.
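
The temporary workaround expressed as squid.conf directives, as an added example that is not part of the original advisory entry. The ACL name gopher_urls is an arbitrary choice, and the trailing rules stand in for a site's existing configuration:

```conf
# squid.conf fragment for Squid versions prior to 6.0.1
# (constructed example; "gopher_urls" is an arbitrary ACL name)

# Match every request whose URL scheme is gopher://
acl gopher_urls proto gopher

# http_access rules are evaluated top to bottom and the first matching
# rule wins, so this deny must come before any "http_access allow" line.
http_access deny gopher_urls

# Placeholder for the site's existing access rules, which stay unchanged
# and follow the deny above:
http_access allow localhost
http_access deny all
```

Check the edited file with `squid -k parse` and load it with `squid -k reconfigure`.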

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALSA-2024:0046
ALSA-2024:0071
ALT-PU-2024-9370
AZL-31941
BDU:2024-01221
CESA-2024_0046
CVE-2023-46728
DLA-3709-1
DLA-4312-1
DSA-5637-1
GHSA-CG5H-V6VC-W33F
OESA-2023-1794
OPENSUSE-SU-2023_4544-1
RHSA-2024:0046
RHSA-2024:0071
RHSA-2024:0072
RHSA-2024:0397
RHSA-2024:0771
RHSA-2024:0772
RHSA-2024:0773
RHSA-2024:1153
RHSA-2024:1787
RHSA-2024_0046
RHSA-2024_0071
RHSA-2024_1787
RLSA-2024:0046
ROSA-SA-2024-2477
ROSA-SA-2024-2479
SUSE-SU-2023:4544-1
SUSE-SU-2023:4545-1
SUSE-SU-2023:4589-1
SUSE-SU-2023_4544-1
SUSE-SU-2023_4545-1
SUSE-SU-2023_4589-1
USN-6500-1
USN-6500-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Red Hat
Rocky Linux
Squid
Squid Cache
SUSE
Ubuntu