
CVE-2023-50269

Published: 14/12/2023 Updated: 19/01/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 up to and including 2.7.STABLE9, versions 3.1 up to and including 5.9, and versions 6.0.1 up to and including 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform a Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed in Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Vulnerable Product

squid-cache squid 2.6

squid-cache squid 2.7

squid-cache squid

Vendor Advisories

Debian Bug report logs - #1058721: squid: CVE-2023-50269: SQUID-2023:10: Denial of Service in HTTP Request parsing. Package: src:squid; Maintainer for src:squid is Luigi Gangitano <luigi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 15 Dec 2023 05:45:02 UTC; Severity: grave; Tags: security ...
Synopsis: Important: squid:4 security update. Type/Severity: Security Advisory: Important. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Securi ...
Synopsis: Important: squid:4 security update. Type/Severity: Security Advisory: Important. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Li ...
Synopsis: Important: squid:4 security update. Type/Severity: Security Advisory: Important. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red ...
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform a Denial of Service attack by sending a large X-For ...
Description: A flaw was found in Squid, which is susceptible to a Denial of Service (DoS) due to an Uncontrolled Recursion bug, specifically targeting HTTP Request parsing. Exploiting this issue involves a remote client initiating a DoS attack by sending an oversized X-Forwarded-For header when the follow_x_forwarded_for feature is configured ...