cbcvebase.
CVE-2023-49285
published 2023-12-04

Priority: P2 (62, high)
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 88.82% (99.8th percentile)
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected

9 ranges

Vendor        Product   Version range                        Fixed in
debian        squid     < squid 5.7-2+deb12u1 (bookworm)     squid 5.7-2+deb12u1 (bookworm)
squid-cache   squid     <= 6.4                               (not stated; upstream fix is 6.5)
squid-cache   squid     (no range given)                     (not stated)
squid         squid     >= 0, < 4.13-10+deb11u3              4.13-10+deb11u3
squid         squid     >= 0, < 5.7-2+deb12u1                5.7-2+deb12u1
squid         squid     >= 0, < 6.5-1                        6.5-1
squid         squid     >= 0, < 6.5-1                        6.5-1
squid         squid     >= 0, < 4.10-1ubuntu1.9              4.10-1ubuntu1.9
squid         squid     >= 0, < 5.7-0ubuntu0.22.04.3         5.7-0ubuntu0.22.04.3

Detection & IOCs (extracted from sources)

  • CVE-2023-49285 is exploitable remotely via crafted HTTP messages targeting Squid's HTTP Message processing feature, triggering a buffer over-read leading to denial of service (crash). Monitor for unexpected Squid process crashes or restarts following anomalous HTTP traffic.
  • The attack vector is remote and requires no authentication — a remote attacker sending malformed HTTP messages to a vulnerable Squid instance can trigger the crash. Inspect HTTP traffic to Squid for malformed or oversized message headers/bodies.
  • The security impact is limited to remote denial of service (no code execution). Prioritize detection of repeated Squid crashes or service unavailability as a signal of active exploitation.
  • No known workarounds exist; the only fix is upgrading Squid to version 6.5 or a patched distribution package (e.g., Debian bookworm: 5.7-2+deb12u1, bullseye: 4.13-10+deb11u3, forky/sid/trixie: 6.5-1).
  • Red Hat Enterprise Linux 6 packages (squid and squid34) are out of support scope and will not receive a fix.

CVSS provenance

Source          Version  Score  Severity  Vector
nvd             v3.1     7.5    HIGH      CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv                      7.5    HIGH
vendor_debian            8.6    HIGH
vendor_redhat            8.6    HIGH
vendor_ubuntu            8.6    HIGH