CVE-2023-50269 — Uncontrolled Recursion in Squid

CWE-674 — Uncontrolled Recursion8 documents6 sources

Severity

7.5HIGHNVD

CNA8.6

EPSS

1.2%

top 20.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid Squid-cache Squid

Timeline

PublishedDec 14

Latest updateJun 27

Description

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debiansquid/squid< 4.13-10+deb11u3+3

▶NVDsquid-cache/squid3.1 — 5.9+3

▶CVEListV5squid-cache/squid>= 2.6, <= 2.7.STABLE9, >= 3.1, <= 5.9, >= 6.0.1, < 6.6+2

🔴Vulnerability Details

OSV

squid vulnerabilities↗2024-01-23

▶

CVEList

SQUID-2023:10 Denial of Service in HTTP Request parsing↗2023-12-14

▶

OSV

CVE-2023-50269: Squid is a caching proxy for the Web↗2023-12-14

▶

📋Vendor Advisories

Ubuntu

Squid vulnerabilities↗2024-06-27

▶

Ubuntu

Squid vulnerabilities↗2024-01-23

▶

Red Hat

squid: denial of service in HTTP request parsing↗2023-12-14

▶

Debian

CVE-2023-50269: squid - Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in ve...↗2023

▶