Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
References
Configurations
History
19 Jan 2024, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
29 Dec 2023, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
08 Dec 2023, 17:29
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| First Time |
Squid-cache
Squid-cache squid |
|
| References | () https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5 - Vendor Advisory | |
| CPE | cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* |
04 Dec 2023, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-04 23:15
Updated : 2024-01-19 16:15
NVD link : CVE-2023-49288
Mitre link : CVE-2023-49288
CVE.ORG link : CVE-2023-49288
JSON object : View
Products Affected
squid-cache
- squid
CWE
CWE-416
Use After Free