CVE-2023-46724

Published: 01/11/2023 Updated: 29/12/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 up to and including 5.9 and 6.0 before 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.

Vulnerable Product

squid-cache squid

Vendor Advisories

Debian Bug report logs - #1055252 squid: CVE-2023-46724: SQUID-2023:4 Denial of Service in SSL Certificate validation Package: src:squid; Maintainer for src:squid is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Thu, 2 Nov 2023 20:27:01 UTC Severity: grave Tags: secu ...
Synopsis: Important: squid:4 security update. Type/Severity: Security Advisory: Important. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update a ...
Synopsis: Important: squid security update. Type/Severity: Security Advisory: Important. Topic: An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a secu ...
Synopsis: Important: squid:4 security update. Type/Severity: Security Advisory: Important. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Securi ...
Synopsis: Important: squid:4 security update. Type/Severity: Security Advisory: Important. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Li ...
Synopsis: Important: squid:4 security update. Type/Severity: Security Advisory: Important. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red ...
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by i ...
Description: A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using `--with-openssl` is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by initiating a TLS Handshake with a spec ...