CVE-2023-50269

CVSS V2 None CVSS V3 None

Description

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Overview

CVE ID
CVE-2023-50269

Assigner
GitHub_M

Vulnerability Status
PUBLISHED

Published Version
2023-12-14T17:09:25.168Z

Last Modified Date
2023-12-14T17:09:25.168Z

Weakness Enumerations

CWE	URL
CWE-674	http://cwe.mitre.org/data/definitions/674.html

References

Reference URL	Reference Tags
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3	x_refsource_CONFIRM
http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch	x_refsource_MISC
http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
https://security.netapp.com/advisory/ntap-20240119-0005/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-50269
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 18:11:07				Added to TrackCVE