CVE-2023-46728

Updated: 2023-12-29 02:46:24.045273

Description:

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2023:1702496332 2023-12-25 16:10:20
CentOS 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2023:1702496473 2023-12-25 16:10:21
CentOS 8.4 ELS squid 4.11-4 7.5 HIGH Released CLSA-2023:1702495324 2023-12-13 16:11:33
CentOS 8.5 ELS squid 4.15-1 7.5 HIGH Released CLSA-2023:1702495594 2023-12-13 16:11:32
CloudLinux 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2023:1702496177 2023-12-26 16:10:11
CloudLinux 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2023:1702496037 2023-12-26 16:10:11
Oracle Linux 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2023:1702495907 2023-12-13 16:11:33
Oracle Linux 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2023:1702495796 2023-12-13 16:11:29
Ubuntu 16.04 ELS squid 3.5.12-1 7.5 HIGH Released CLSA-2023:1702420408 2023-12-12 20:39:33
Ubuntu 18.04 ELS squid 3.5.27-1 7.5 HIGH Released CLSA-2023:1702420474 2023-12-12 20:39:34