CVE-2023-49285

Updated: 2024-11-24 04:20:26.601606

Description:

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a buffer over-read bug, Squid is vulnerable to a denial-of-service attack against Squid HTTP message processing. This bug is fixed in Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | squid | 5.5 | 7.5 | HIGH | Released | CLSA-2025:1736503631 | 2025-01-10 22:42:58 | |
| CentOS 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2023:1703183411 | 2024-01-05 08:38:11 | |
| CentOS 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2023:1703183242 | 2024-01-05 08:38:14 | |
| CentOS 8.4 ELS | squid | 4.11-4 | 7.5 | HIGH | Released | CLSA-2023:1703181485 | 2023-12-21 13:08:46 | |
| CentOS 8.5 ELS | squid | 4.15-1 | 7.5 | HIGH | Released | CLSA-2023:1703182573 | 2023-12-21 16:09:19 | |
| CloudLinux 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2023:1703183740 | 2024-01-05 08:38:13 | |
| CloudLinux 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2023:1703183829 | 2024-01-05 08:38:11 | |
| Oracle Linux 6 ELS | squid34 | 3.4.14 | 7.5 | HIGH | Released | CLSA-2023:1703184036 | 2023-12-21 16:09:24 | |
| Oracle Linux 6 ELS | squid | 3.1.23 | 7.5 | HIGH | Released | CLSA-2023:1703184171 | 2023-12-21 16:09:15 | |
| Ubuntu 16.04 ELS | squid | 3.5.12-1 | 7.5 | HIGH | Released | CLSA-2023:1703184270 | 2023-12-21 16:09:20 | |
Total: 11