CVE-2023-49286

CVSS V2 None CVSS V3 None

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Overview

CVE ID
CVE-2023-49286

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-12-04T22:53:44.827Z

Last Modified Date
2023-12-04T22:53:44.827Z

Weakness Enumerations

CWE	URL
CWE-617	http://cwe.mitre.org/data/definitions/617.html
CWE-253	http://cwe.mitre.org/data/definitions/253.html

References

Reference URL	Reference Tags
https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27	x_refsource_CONFIRM
https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264	x_refsource_MISC
http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
https://security.netapp.com/advisory/ntap-20240119-0004/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-49286
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49286

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 12:40:44				Added to TrackCVE