CVE-2023-49285
Published: 2023-12-04
Priority: P262 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 88.82% (99.8th percentile)
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 5.7-2+deb12u1 (bookworm) | squid 5.7-2+deb12u1 (bookworm) |
| squid-cache | squid | <= 6.4 | — |
| squid-cache | squid | — | — |
| squid | squid | >= 0 < 4.13-10+deb11u3 | 4.13-10+deb11u3 |
| squid | squid | >= 0 < 5.7-2+deb12u1 | 5.7-2+deb12u1 |
| squid | squid | >= 0 < 6.5-1 | 6.5-1 |
| squid | squid | >= 0 < 6.5-1 | 6.5-1 |
| squid | squid | >= 0 < 4.10-1ubuntu1.9 | 4.10-1ubuntu1.9 |
| squid | squid | >= 0 < 5.7-0ubuntu0.22.04.3 | 5.7-0ubuntu0.22.04.3 |
Detection & IOCs (extracted from sources)
- CVE-2023-49285 is exploitable remotely via crafted HTTP messages targeting Squid's HTTP Message processing feature, triggering a buffer over-read that leads to denial of service (crash). Monitor for unexpected Squid process crashes or restarts following anomalous HTTP traffic.
- The attack vector is remote and requires no authentication: a remote attacker sending malformed HTTP messages to a vulnerable Squid instance can trigger the crash. Inspect HTTP traffic to Squid for malformed or oversized message headers/bodies.
- The security impact is limited to remote denial of service (no code execution). Prioritize detection of repeated Squid crashes or service unavailability as a signal of active exploitation.
- No known workarounds exist; the only fix is upgrading Squid to version 6.5 or a patched distribution package (e.g., Debian bookworm: 5.7-2+deb12u1, bullseye: 4.13-10+deb11u3, forky/sid/trixie: 6.5-1).
- Red Hat Enterprise Linux 6 packages (squid and squid34) are out of support scope and will not receive a fix.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 8.6 | HIGH | — |
| vendor_redhat | — | 8.6 | HIGH | — |
| vendor_ubuntu | — | 8.6 | HIGH | — |
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2024-06-27·CVSS 7.5
CVE-2023-49286 [HIGH] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS. (CVE-2021-28651)
It was discovered that Squid incorrectly handled SSPI and SMB
authentication. A remote attacker could use this issue to cause Squid to
crash, resulting in a denial of service, or possibly obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-41318)
Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a de
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2024-01-23·CVSS 8.6
CVE-2023-50269 [HIGH] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)
Joshua Rogers discovered that Squid incorrectly handled Helper process
management. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49286)
Joshua Rogers discovered that Squid incorrectly handled HTTP request
parsing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-50269)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
squid: Buffer over-read in the HTTP Message processing feature
vendor_redhat·2023-12-04·CVSS 8.6
CVE-2023-49285 [HIGH] CWE-126 squid: Buffer over-read in the HTTP Message processing feature
squid: Buffer over-read in the HTTP Message processing feature
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service.
Statement: The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.
Mitigation: Mitigation for this issue is either not available or the currently available option
Debian
CVE-2023-49285: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due ...
vendor_debian·2023·CVSS 8.6
CVE-2023-49285 [HIGH] CVE-2023-49285: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due ...
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Scope: local
bookworm: resolved (fixed in 5.7-2+deb12u1)
bullseye: resolved (fixed in 4.13-10+deb11u3)
forky: resolved (fixed in 6.5-1)
sid: resolved (fixed in 6.5-1)
trixie: resolved (fixed in 6.5-1)
OSV
squid3 vulnerabilities
osv·2024-06-27·CVSS 7.5
CVE-2021-28651 [HIGH] squid3 vulnerabilities
squid3 vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS. (CVE-2021-28651)
It was discovered that Squid incorrectly handled SSPI and SMB
authentication. A remote attacker could use this issue to cause Squid to
crash, resulting in a denial of service, or possibly obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-41318)
Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)
Joshua Rogers discovered t
OSV
squid vulnerabilities
osv·2024-01-23·CVSS 7.5
CVE-2023-49285 [HIGH] squid vulnerabilities
squid vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)
Joshua Rogers discovered that Squid incorrectly handled Helper process
management. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49286)
Joshua Rogers discovered that Squid incorrectly handled HTTP request
parsing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-50269)
OSV
CVE-2023-49285: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more
osv·2023-12-04·CVSS 7.5
CVE-2023-49285 [HIGH] CVE-2023-49285: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch
- http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch
- https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b
- https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470
- https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9
- https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
- https://security.netapp.com/advisory/ntap-20240119-0004/

Published: 2023-12-04