CVE-2023-46728

CVSS V2 None CVSS V3 None

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

Overview

CVE ID
CVE-2023-46728

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-11-06T17:13:45.821Z

Last Modified Date
2023-11-06T17:13:45.821Z

Weakness Enumerations

CWE	URL
CWE-476	http://cwe.mitre.org/data/definitions/476.html

References

Reference URL	Reference Tags
https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f	x_refsource_CONFIRM
https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3	x_refsource_MISC
https://security.netapp.com/advisory/ntap-20231214-0006/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-46728
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46728

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 22:33:07				Added to TrackCVE