Source: Ubuntu.com (ubuntucve)
ID: UB:CVE-2023-49285
Published: Dec 04, 2023 - 12:00 a.m.

CVE-2023-49285

Tags: cve-2023-49285, buffer overread bug, denial of service, squid, upgrade, unix

CVSS3: 8.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score: 6.8 (Confidence: High)

EPSS: 0.015 (Percentile: 86.8%)

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more.
Due to a buffer overread bug, Squid is vulnerable to a denial-of-service
attack against Squid HTTP message processing. This bug is fixed in Squid
version 6.5. Users are advised to upgrade. There are no known workarounds
for this vulnerability.

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 20.04 | noarch | squid | < 4.10-1ubuntu1.9 | UNKNOWN |
| ubuntu | 22.04 | noarch | squid | < 5.7-0ubuntu0.22.04.3 | UNKNOWN |
| ubuntu | 23.04 | noarch | squid | < 5.7-1ubuntu3.2 | UNKNOWN |
| ubuntu | 23.10 | noarch | squid | < 6.1-2ubuntu1.2 | UNKNOWN |
| ubuntu | 24.04 | noarch | squid | < 6.5-1ubuntu1 | UNKNOWN |
| ubuntu | 18.04 | noarch | squid3 | < 3.5.27-1ubuntu1.14+esm2 | UNKNOWN |
| ubuntu | 16.04 | noarch | squid3 | < 3.5.12-1ubuntu7.16+esm3 | UNKNOWN |
