CVE-2023-49286

moderate-risk
Published 2023-12-04

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Do I need to act?

~
1.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.6/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Squid-Cache

References (14)

Broken Link http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
Patch https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f...
Vendor Advisory https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://security.netapp.com/advisory/ntap-20240119-0004/
Broken Link http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
Patch https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f...
Vendor Advisory https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
https://security.netapp.com/advisory/ntap-20240119-0004/
39
/ 100
moderate-risk
Severity 29/34 · Critical
Exploitability 5/34 · Minimal
Exposure 5/34 · Minimal