CVE-2023-49286 — Incorrect Check of Function Return Value in Squid

CWE-253 — Incorrect Check of Function Return Value CWE-617 — Reachable Assertion CWE-754 — Improper Check for Unusual or Exceptional Conditions8 documents6 sources

Severity

7.5HIGHNVD

CNA8.6

EPSS

1.9%

top 16.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid-cache Squid Squid

Timeline

PublishedDec 4

Latest updateJun 27

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5squid-cache/squid< 6.5

▶Debiansquid/squid< 4.13-10+deb11u3+3

▶Ubuntusquid/squid< 4.10-1ubuntu1.9+1

▶NVDsquid-cache/squid6.4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

squid vulnerabilities↗2024-01-23

▶

CVEList

Denial of Service in Helper Process management↗2023-12-04

▶

OSV

CVE-2023-49286: Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more↗2023-12-04

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2024-06-27

▶

Ubuntu

Squid vulnerabilities↗2024-01-23

▶

Red Hat

squid: Incorrect Check of Function Return Value In Helper Process management↗2023-12-04

▶

Debian

CVE-2023-49286: squid - Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due ...↗2023

▶