CVE-2023-49286

EPSS 5.16%
Veröffentlicht 04.12.2023 23:15:27
Zuletzt bearbeitet 21.11.2024 08:33:11
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version <= 6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.16%	0.894

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-253 Incorrect Check of Function Return Value

The product incorrectly checks a return value from a function, which prevents it from detecting errors or exceptional conditions.

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/

https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html

https://security.netapp.com/advisory/ntap-20240119-0004/

http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch

Broken Link

https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264

Patch

https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49286

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49286

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49286

EUVD