CVE-2023-49285

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49285
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49285.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49285
Aliases
  • GHSA-8w9r-p88v-mmx9
Related
Published
2023-12-04T23:15:27Z
Modified
2024-09-18T03:24:37.946418Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Alpine:v3.19 / squid

Package

Name
squid
Purl
pkg:apk/alpine/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.5-r0

Affected versions

2.*

2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.6-r4
2.7.6-r5
2.7.6-r6
2.7.6-r7
2.7.6-r8
2.7.6-r9
2.7.6-r10
2.7.6-r11
2.7.6-r12
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.7-r5
2.7.9-r0
2.7.9-r1
2.7.9-r2
2.7.9-r3
2.7.9-r4

3.*

3.2.0.12-r1
3.2.0.12-r2
3.2.0.12-r3
3.2.0.12-r4
3.2.0.13-r0
3.2.0.16-r0
3.2.0.17-r0
3.2.0.17-r1
3.2.0.17-r2
3.2.0.18-r0
3.2.0.18-r1
3.2.0.19-r0
3.2.0.19-r1
3.2.2-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.6-r0
3.2.6-r1
3.2.7-r1
3.2.7-r2
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.3.5-r0
3.3.6-r0
3.3.7-r0
3.3.8-r0
3.3.8-r1
3.3.9-r0
3.3.10-r0
3.3.11-r0
3.3.11-r1
3.4.5-r0
3.4.6-r0
3.4.6-r1
3.4.7-r0
3.4.8-r0
3.4.9-r0
3.4.10-r0
3.4.11-r0
3.4.12-r0
3.5.2-r0
3.5.2-r1
3.5.3-r0
3.5.4-r0
3.5.4-r1
3.5.5-r0
3.5.6-r0
3.5.6-r1
3.5.7-r0
3.5.8-r0
3.5.10-r0
3.5.11-r0
3.5.12-r0
3.5.13-r0
3.5.14-r0
3.5.14-r1
3.5.15-r0
3.5.15-r1
3.5.16-r0
3.5.17-r0
3.5.17-r1
3.5.19-r0
3.5.19-r1
3.5.20-r0
3.5.20-r1
3.5.20-r2
3.5.22-r0
3.5.23-r0
3.5.23-r1
3.5.23-r2
3.5.23-r3
3.5.23-r4
3.5.27-r0
3.5.27-r1
3.5.27-r2
3.5.28-r0

4.*

4.2-r0
4.2-r1
4.4-r0
4.4-r1
4.6-r0
4.6-r1
4.8-r0
4.8-r1
4.9-r0
4.10-r0
4.11-r0
4.12-r0
4.13-r0

5.*

5.0.4-r0
5.0.4-r1
5.0.5-r0
5.0.6-r0
5.0.7-r0
5.0.7-r1
5.1-r0
5.1-r1
5.2-r0
5.3-r0
5.4-r0
5.4.1-r0
5.5-r0
5.6-r0
5.6-r1
5.6-r2
5.6-r3
5.7-r0
5.7-r1
5.9-r0
5.9-r1

6.*

6.1-r0
6.2-r0
6.2-r1
6.3-r0
6.4-r0

Alpine:v3.20 / squid

Package

Name
squid
Purl
pkg:apk/alpine/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.5-r0

Affected versions

2.*

2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.6-r4
2.7.6-r5
2.7.6-r6
2.7.6-r7
2.7.6-r8
2.7.6-r9
2.7.6-r10
2.7.6-r11
2.7.6-r12
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.7-r5
2.7.9-r0
2.7.9-r1
2.7.9-r2
2.7.9-r3
2.7.9-r4

3.*

3.2.0.12-r1
3.2.0.12-r2
3.2.0.12-r3
3.2.0.12-r4
3.2.0.13-r0
3.2.0.16-r0
3.2.0.17-r0
3.2.0.17-r1
3.2.0.17-r2
3.2.0.18-r0
3.2.0.18-r1
3.2.0.19-r0
3.2.0.19-r1
3.2.2-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.6-r0
3.2.6-r1
3.2.7-r1
3.2.7-r2
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.3.5-r0
3.3.6-r0
3.3.7-r0
3.3.8-r0
3.3.8-r1
3.3.9-r0
3.3.10-r0
3.3.11-r0
3.3.11-r1
3.4.5-r0
3.4.6-r0
3.4.6-r1
3.4.7-r0
3.4.8-r0
3.4.9-r0
3.4.10-r0
3.4.11-r0
3.4.12-r0
3.5.2-r0
3.5.2-r1
3.5.3-r0
3.5.4-r0
3.5.4-r1
3.5.5-r0
3.5.6-r0
3.5.6-r1
3.5.7-r0
3.5.8-r0
3.5.10-r0
3.5.11-r0
3.5.12-r0
3.5.13-r0
3.5.14-r0
3.5.14-r1
3.5.15-r0
3.5.15-r1
3.5.16-r0
3.5.17-r0
3.5.17-r1
3.5.19-r0
3.5.19-r1
3.5.20-r0
3.5.20-r1
3.5.20-r2
3.5.22-r0
3.5.23-r0
3.5.23-r1
3.5.23-r2
3.5.23-r3
3.5.23-r4
3.5.27-r0
3.5.27-r1
3.5.27-r2
3.5.28-r0

4.*

4.2-r0
4.2-r1
4.4-r0
4.4-r1
4.6-r0
4.6-r1
4.8-r0
4.8-r1
4.9-r0
4.10-r0
4.11-r0
4.12-r0
4.13-r0

5.*

5.0.4-r0
5.0.4-r1
5.0.5-r0
5.0.6-r0
5.0.7-r0
5.0.7-r1
5.1-r0
5.1-r1
5.2-r0
5.3-r0
5.4-r0
5.4.1-r0
5.5-r0
5.6-r0
5.6-r1
5.6-r2
5.6-r3
5.7-r0
5.7-r1
5.9-r0
5.9-r1

6.*

6.1-r0
6.2-r0
6.2-r1
6.3-r0
6.4-r0

Debian:11 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.13-10+deb11u3

Affected versions

4.*

4.13-10
4.13-10+deb11u1
4.13-10+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.7-2+deb12u1

Affected versions

5.*

5.7-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.5-1

Affected versions

5.*

5.7-2

6.*

6.1-1
6.1-2
6.3-1

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

4.*

4.15-20210522-snapshot
4.15-20210523-snapshot
4.15-20210524-snapshot
4.15-20210525-snapshot
4.15-20210527-snapshot

5.*

5.0.6-20210522-snapshot
5.0.6-20210523-snapshot
5.0.6-20210524-snapshot
5.0.6-20210525-snapshot
5.0.6-20210527-snapshot

6.*

6.0.0-20210522-master-snapshot
6.0.0-20210523-master-snapshot
6.0.0-20210524-master-snapshot
6.0.0-20210525-master-snapshot
6.0.0-20210527-master-snapshot

Other

BASIC_TPROXY4
M-staged-PR161
M-staged-PR164
M-staged-PR170
M-staged-PR176
M-staged-PR179
M-staged-PR181
M-staged-PR182
M-staged-PR186
M-staged-PR189
M-staged-PR193
M-staged-PR195
M-staged-PR196
M-staged-PR198
M-staged-PR199
M-staged-PR200
M-staged-PR202
M-staged-PR206
M-staged-PR208
M-staged-PR209
M-staged-PR210
M-staged-PR218
M-staged-PR220
M-staged-PR221
M-staged-PR225
M-staged-PR227
M-staged-PR229
M-staged-PR230
M-staged-PR235
M-staged-PR237
M-staged-PR238
M-staged-PR239
M-staged-PR241
M-staged-PR242
M-staged-PR252
M-staged-PR255
M-staged-PR258
M-staged-PR264
M-staged-PR266
M-staged-PR267
M-staged-PR268
M-staged-PR274
M-staged-PR276
M-staged-PR293
M-staged-PR294
M-staged-PR295
M-staged-PR299
M-staged-PR306
M-staged-PR314
M-staged-PR319
M-staged-PR342
M-staged-PR345
M-staged-PR348
M-staged-PR351
M-staged-PR359
M-staged-PR364
M-staged-PR365
M-staged-PR366
M-staged-PR370
M-staged-PR372
M-staged-PR373
M-staged-PR375
M-staged-PR376
SQUID_3_0_PRE1
SQUID_3_0_PRE2
SQUID_3_0_PRE3
SQUID_3_0_PRE4
SQUID_3_0_PRE5
SQUID_3_0_PRE6
SQUID_3_0_PRE7
SQUID_3_0_RC1
SQUID_3_5_27
SQUID_4_0_1
SQUID_4_0_10
SQUID_4_0_11
SQUID_4_0_12
SQUID_4_0_13
SQUID_4_0_14
SQUID_4_0_15
SQUID_4_0_16
SQUID_4_0_2
SQUID_4_0_3
SQUID_4_0_4
SQUID_4_0_5
SQUID_4_0_6
SQUID_4_0_7
SQUID_4_0_8
SQUID_4_0_9
SQUID_5_0_1
SQUID_5_0_2
SQUID_5_0_3
SQUID_5_0_4
SQUID_5_0_5
SQUID_5_0_6
SQUID_5_0_7
SQUID_5_1
SQUID_5_2
SQUID_5_3
SQUID_5_4_1
SQUID_5_5
SQUID_5_6
SQUID_5_7
SQUID_5_8
SQUID_5_9
SQUID_6_0_1
SQUID_6_0_2
SQUID_6_0_3
SQUID_6_1
SQUID_6_2
SQUID_6_3
SQUID_6_4
for-libecap-v0p1
merge-candidate-3-v1
merge-candidate-3-v2
sourceformat-review-1
take00
take01
take02
take03
take04
take06
take07
take08
take09
take1
take2

BumpSslServerFirst.*

BumpSslServerFirst.take01
BumpSslServerFirst.take02
BumpSslServerFirst.take03
BumpSslServerFirst.take04
BumpSslServerFirst.take05
BumpSslServerFirst.take06
BumpSslServerFirst.take07
BumpSslServerFirst.take08
BumpSslServerFirst.take09
BumpSslServerFirst.take10