CVE-2023-5824

Updated: 2024-05-10 05:20:32.682205

Description:

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS squid34 3.4.14 7.5 HIGH Needs Triage 2024-01-30 13:10:56
CentOS 6 ELS squid 3.1.23 7.5 HIGH Ignored 2024-05-09 10:11:56
CentOS 8.4 ELS squid 4.11-4 7.5 HIGH In Progress 2024-07-08 10:25:40
CentOS 8.5 ELS squid 4.15-1 7.5 HIGH In Progress 2024-07-08 10:25:40
CloudLinux 6 ELS squid34 3.4.14 7.5 HIGH Needs Triage 2024-01-30 13:10:56
CloudLinux 6 ELS squid 3.1.23 7.5 HIGH Ignored 2024-05-09 10:11:55
Oracle Linux 6 ELS squid 3.1.23 7.5 HIGH Ignored 2024-05-09 10:11:55
Oracle Linux 6 ELS squid34 3.4.14 7.5 HIGH Needs Triage 2024-01-30 13:10:56
Ubuntu 16.04 ELS squid 3.5.12-1 7.5 HIGH Ignored 2024-05-09 10:12:00
Ubuntu 18.04 ELS squid 3.5.27-1 7.5 HIGH Ignored 2024-05-09 10:12:00

Statement

We have reasoned not to port this fix because of the extremely high complexity of the changes. There difference between the version 3 and 6 is too big for a safe backport.