Lucene search

GitHub_MCVE-2023-50269

HistoryDec 14, 2023 - 6:15 p.m.

CVE-2023-50269

2023-12-1418:15:45

CWE-674

GitHub_M

web.nvd.nist.gov

squid

caching proxy

vulnerability

cve-2023-50269

denial of service

http request parsing

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

75.3%

JSON

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives.

Affected configurations

Nvd

Vulners

Node

squid-cachesquidRange3.1–5.9

squid-cachesquidRange6.0.1–6.5

squid-cachesquidMatch2.6

squid-cachesquidMatch2.7-

squid-cachesquidMatch2.7stable1

squid-cachesquidMatch2.7stable2

squid-cachesquidMatch2.7stable3

squid-cachesquidMatch2.7stable4

squid-cachesquidMatch2.7stable5

squid-cachesquidMatch2.7stable6

squid-cachesquidMatch2.7stable7

squid-cachesquidMatch2.7stable8

squid-cachesquidMatch2.7stable9

VendorProductVersionCPE
squid-cachesquid*cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
squid-cachesquid2.6cpe:2.3:a:squid-cache:squid:2.6:*:*:*:*:*:*:*
squid-cachesquid2.7cpe:2.3:a:squid-cache:squid:2.7:-:*:*:*:*:*:*
squid-cachesquid2.7cpe:2.3:a:squid-cache:squid:2.7:stable1:*:*:*:*:*:*
squid-cachesquid2.7cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*
squid-cachesquid2.7cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*
squid-cachesquid2.7cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*
squid-cachesquid2.7cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*
squid-cachesquid2.7cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*
squid-cachesquid2.7cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*

Vendor	Product	Version	CPE
squid-cache	squid	*	cpe:2.3:a:squid-cache:squid::::::::
squid-cache	squid	2.6	cpe:2.3:a:squid-cache:squid:2.6:::::::*
squid-cache	squid	2.7	cpe:2.3:a:squid-cache:squid:2.7:-::::::
squid-cache	squid	2.7	cpe:2.3:a:squid-cache:squid:2.7:stable1::::::
squid-cache	squid	2.7	cpe:2.3:a:squid-cache:squid:2.7:stable2::::::
squid-cache	squid	2.7	cpe:2.3:a:squid-cache:squid:2.7:stable3::::::
squid-cache	squid	2.7	cpe:2.3:a:squid-cache:squid:2.7:stable4::::::
squid-cache	squid	2.7	cpe:2.3:a:squid-cache:squid:2.7:stable5::::::
squid-cache	squid	2.7	cpe:2.3:a:squid-cache:squid:2.7:stable6::::::
squid-cache	squid	2.7	cpe:2.3:a:squid-cache:squid:2.7:stable7::::::

Rows per page:

1-10 of 121

CNA Affected

[
  {
    "vendor": "squid-cache",
    "product": "squid",
    "versions": [
      {
        "version": ">= 2.6, <= 2.7.STABLE9",
        "status": "affected"
      },
      {
        "version": ">= 3.1, <= 5.9",
        "status": "affected"
      },
      {
        "version": ">= 6.0.1, < 6.6",
        "status": "affected"
      }
    ]
  }
]