Vulnerability-Lookup

CVE-2023-5824 (GCVE-0-2023-5824)

Vulnerability from cvelistv5 – Published: 2023-11-03 07:56 – Updated: 2025-11-06 20:51

Title

Squid: dos against http and https

Summary

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

redhat

References

11 references

URL	Tags
https://access.redhat.com/errata/RHSA-2023:7465	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7668	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0072	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0397	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0771	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0772	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0773	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1153	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5824	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2245914	issue-trackingx_refsource_REDHAT
https://github.com/squid-cache/squid/security/adv…

Impacted products

14 products

Vendor	Product	Version
Red Hat	Red Hat Enterprise Linux 8	Unaffected: 8090020231130092412.a75119d5 , < * (rpm) cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support	Unaffected: 8020020240122164331.4cda2c84 , < * (rpm) cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service	Unaffected: 8020020240122164331.4cda2c84 , < * (rpm) cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions	Unaffected: 8020020240122164331.4cda2c84 , < * (rpm) cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support	Unaffected: 8040020240122165847.522a0ee4 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service	Unaffected: 8040020240122165847.522a0ee4 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions	Unaffected: 8040020240122165847.522a0ee4 , < * (rpm) cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	Unaffected: 8060020231222131040.ad008a3a , < * (rpm) cpe:/a:redhat:rhel_eus:8.6::appstream
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	Unaffected: 8080020231222130009.63b34585 , < * (rpm) cpe:/a:redhat:rhel_eus:8.8::appstream
Red Hat	Red Hat Enterprise Linux 9	Unaffected: 7:5.5-6.el9_3.2 , < * (rpm) cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	Unaffected: 7:5.2-1.el9_0.4 , < * (rpm) cpe:/a:redhat:rhel_eus:9.0::appstream
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	Unaffected: 7:5.5-5.el9_2.3 , < * (rpm) cpe:/a:redhat:rhel_eus:9.2::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7

Date Public ?

2023-10-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:08:10.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2023:7465",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7465"
          },
          {
            "name": "RHSA-2023:7668",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2023:7668"
          },
          {
            "name": "RHSA-2024:0072",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0072"
          },
          {
            "name": "RHSA-2024:0397",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0397"
          },
          {
            "name": "RHSA-2024:0771",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0771"
          },
          {
            "name": "RHSA-2024:0772",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0772"
          },
          {
            "name": "RHSA-2024:0773",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0773"
          },
          {
            "name": "RHSA-2024:1153",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1153"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
          },
          {
            "name": "RHBZ#2245914",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8090020231130092412.a75119d5",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.2::appstream",
            "cpe:/a:redhat:rhel_e4s:8.2::appstream",
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020240122164331.4cda2c84",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.2::appstream",
            "cpe:/a:redhat:rhel_e4s:8.2::appstream",
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020240122164331.4cda2c84",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.2::appstream",
            "cpe:/a:redhat:rhel_e4s:8.2::appstream",
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8020020240122164331.4cda2c84",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020240122165847.522a0ee4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020240122165847.522a0ee4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.4::appstream",
            "cpe:/a:redhat:rhel_tus:8.4::appstream",
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8040020240122165847.522a0ee4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8060020231222131040.ad008a3a",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid:4",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "8080020231222130009.63b34585",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7:5.5-6.el9_3.2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7:5.2-1.el9_0.4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "packageName": "squid",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7:5.5-5.el9_2.3",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "affected",
          "packageName": "squid",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "squid",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-10-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T20:51:27.614Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2023:7465",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7465"
        },
        {
          "name": "RHSA-2023:7668",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2023:7668"
        },
        {
          "name": "RHSA-2024:0072",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0072"
        },
        {
          "name": "RHSA-2024:0397",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0397"
        },
        {
          "name": "RHSA-2024:0771",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0771"
        },
        {
          "name": "RHSA-2024:0772",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0772"
        },
        {
          "name": "RHSA-2024:0773",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0773"
        },
        {
          "name": "RHSA-2024:1153",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1153"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
        },
        {
          "name": "RHBZ#2245914",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
        },
        {
          "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-24T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-10-19T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Squid: dos against http and https",
      "workarounds": [
        {
          "lang": "en",
          "value": "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the \u0027cache_dir\u0027 directives from the Squid configuration, typically in the /etc/squid/squid.conf file."
        }
      ],
      "x_redhatCweChain": "CWE-755: Improper Handling of Exceptional Conditions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-5824",
    "datePublished": "2023-11-03T07:56:36.369Z",
    "dateReserved": "2023-10-27T09:37:47.593Z",
    "dateUpdated": "2025-11-06T20:51:27.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-5824",
      "date": "2026-05-19",
      "epss": "0.01879",
      "percentile": "0.83356"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.4\", \"matchCriteriaId\": \"1D384D1F-2A05-4EE0-9CB8-C83FDC53F608\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.\"}, {\"lang\": \"es\", \"value\": \"Squid es vulnerable a ataques de Denegaci\\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales.\"}]",
      "id": "CVE-2023-5824",
      "lastModified": "2024-11-21T08:42:34.053",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-11-03T08:15:08.270",
      "references": "[{\"url\": \"https://access.redhat.com/errata/RHSA-2023:7465\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7668\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0072\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0397\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0771\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0772\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0773\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1153\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5824\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2245914\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7465\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2023:7668\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0072\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0397\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0771\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0772\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:0773\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:1153\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2023-5824\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2245914\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231130-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5824\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-11-03T08:15:08.270\",\"lastModified\":\"2025-11-03T19:15:42.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.\"},{\"lang\":\"es\",\"value\":\"Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4\",\"matchCriteriaId\":\"1D384D1F-2A05-4EE0-9CB8-C83FDC53F608\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7465\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7668\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0072\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0397\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0771\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0772\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0773\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1153\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-5824\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2245914\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-5824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2245914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231130-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2024-AVI-0354

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Qnap	N/A	QuTScloud versions c5.x antérieures à c5.1.5.2651
Qnap	QTS	QTS versions 5.1.x antérieures à 5.1.6.2722 build 20240402
Qnap	QTS	QTS versions 4.5.x antérieures à 4.5.4.2627 build 20231225
Qnap	QuTS hero	QuTS hero versions h4.5.x antérieures à h4.5.4.2626 build 20231225
Qnap	N/A	myQNAPcloud versions 1.0.x antérieures à 1.0.52
Qnap	N/A	Proxy Server versions 1.4.x antérieures à 1.4.6
Qnap	N/A	myQNAPcloud Link versions 2.4.x antérieures à 2.4.51
Qnap	N/A	Media Streaming add-on versions 500.1.x antérieures à 500.1.1.5
Qnap	QuTS hero	QuTS hero versions h5.1.x antérieures à h5.1.6.2734 build 20240414
Qnap	N/A	QuFirewall versions 2.4.x antérieures à 2.4.1

References

Title

Publication Time

CERTFR-2024-AVI-0354

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Qnap	N/A	QuTScloud versions c5.x antérieures à c5.1.5.2651
Qnap	QTS	QTS versions 5.1.x antérieures à 5.1.6.2722 build 20240402
Qnap	QTS	QTS versions 4.5.x antérieures à 4.5.4.2627 build 20231225
Qnap	QuTS hero	QuTS hero versions h4.5.x antérieures à h4.5.4.2626 build 20231225
Qnap	N/A	myQNAPcloud versions 1.0.x antérieures à 1.0.52
Qnap	N/A	Proxy Server versions 1.4.x antérieures à 1.4.6
Qnap	N/A	myQNAPcloud Link versions 2.4.x antérieures à 2.4.51
Qnap	N/A	Media Streaming add-on versions 500.1.x antérieures à 500.1.1.5
Qnap	QuTS hero	QuTS hero versions h5.1.x antérieures à h5.1.6.2734 build 20240414
Qnap	N/A	QuFirewall versions 2.4.x antérieures à 2.4.1

References

Title

Publication Time

alsa-2023:7465

Vulnerability from osv_almalinux

Published

2023-11-22 00:00

Modified

2023-11-23 08:38

Summary

Important: squid security update

Details

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

squid: DoS against HTTP and HTTPS (CVE-2023-5824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:7465	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5824	REPORT
	https://bugzilla.redhat.com/2245914	REPORT
	https://errata.almalinux.org/9/ALSA-2023-7465.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "squid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7:5.5-6.el9_3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: DoS against HTTP and HTTPS (CVE-2023-5824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:7465",
  "modified": "2023-11-23T08:38:27Z",
  "published": "2023-11-22T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:7465"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2245914"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-7465.html"
    }
  ],
  "related": [
    "CVE-2023-5824"
  ],
  "summary": "Important: squid security update"
}

alsa-2023:7668

Vulnerability from osv_almalinux

Published

2023-12-06 00:00

Modified

2023-12-14 08:59

Summary

Important: squid:4 security update

Details

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

squid: DoS against HTTP and HTTPS (CVE-2023-5824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2023:7668	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-5824	REPORT
	https://bugzilla.redhat.com/2245914	REPORT
	https://errata.almalinux.org/8/ALSA-2023-7668.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libecap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1-2.module_el8.6.0+2741+01592ae8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libecap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1-2.module_el8.6.0+3048+383bc947"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libecap-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1-2.module_el8.6.0+2741+01592ae8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "libecap-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1-2.module_el8.6.0+3048+383bc947"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "squid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "7:4.15-7.module_el8.9.0+3696+b881db49.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: DoS against HTTP and HTTPS (CVE-2023-5824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:7668",
  "modified": "2023-12-14T08:59:00Z",
  "published": "2023-12-06T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:7668"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2245914"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-7668.html"
    }
  ],
  "related": [
    "CVE-2023-5824"
  ],
  "summary": "Important: squid:4 security update"
}

BDU:2023-08061

Vulnerability from fstec - Published: 03.11.2023

Title

Уязвимость прокси-сервера Squid, связана с неправильным обращением с исключительными условиями и неконтролируемым потреблением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость прокси-сервера Squid связанная с ограничениями, применяемыми для проверки заголовков HTTP-ответа перед кэшированием. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

ООО «Ред Софт», АО «ИВК», АО «НТЦ ИТ РОСА», Squid Software Foundation

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), РОСА ХРОМ (запись в едином реестре российских программ №1607), Squid

Software Version

7.3 (РЕД ОС), - (Альт 8 СП), 12.4 (РОСА ХРОМ), до 6.3 (Squid)

Possible Mitigations

Для Squid: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2024-2477

Reference

https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255 https://redos.red-soft.ru/support/secure/ https://altsp.su/obnovleniya-bezopasnosti/ https://altsp.su/obnovleniya-bezopasnosti/ https://abf.rosa.ru/advisories/ROSA-SA-2024-2477

CWE

CWE-755

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Squid Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 6.3 (Squid)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Squid:\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2024-2477",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.11.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08061",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-5824",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), Squid",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Squid, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0435\u043c \u0441 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u043c\u0438 \u0438 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 (CWE-755)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Squid \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f\u043c\u0438, \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 HTTP-\u043e\u0442\u0432\u0435\u0442\u0430 \u043f\u0435\u0440\u0435\u0434 \u043a\u044d\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\nhttps://redos.red-soft.ru/support/secure/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2477",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-755",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

FKIE_CVE-2023-5824

Vulnerability from fkie_nvd - Published: 2023-11-03 08:15 - Updated: 2025-11-03 19:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7465
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7668
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0072
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0397
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0771
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0772
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0773
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1153
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-5824	Third Party Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2245914	Issue Tracking
secalert@redhat.com	https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2023:7465
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2023:7668
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0072
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0397
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0771
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0772
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:0773
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2024:1153
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/security/cve/CVE-2023-5824	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2245914	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20231130-0003/

Impacted products

Vendor	Product	Version
squid-cache	squid	*
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0
redhat	enterprise_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D384D1F-2A05-4EE0-9CB8-C83FDC53F608",
              "versionEndExcluding": "6.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."
    },
    {
      "lang": "es",
      "value": "Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales."
    }
  ],
  "id": "CVE-2023-5824",
  "lastModified": "2025-11-03T19:15:42.437",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-03T08:15:08.270",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7465"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7668"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0072"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0397"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0771"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0772"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0773"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:1153"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:1153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-5824

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

Aliases

CVE-2023-5824

Aliases

CVE-2023-5824

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-5824",
    "id": "GSD-2023-5824"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-5824"
      ],
      "details": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.",
      "id": "GSD-2023-5824",
      "modified": "2023-12-13T01:20:50.645153Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-5824",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Enterprise Linux 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8090020231130092412.a75119d5",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8020020240122164331.4cda2c84",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8020020240122164331.4cda2c84",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8020020240122164331.4cda2c84",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8040020240122165847.522a0ee4",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8040020240122165847.522a0ee4",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8040020240122165847.522a0ee4",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8060020231222131040.ad008a3a",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8080020231222130009.63b34585",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "7:5.5-6.el9_3.2",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "7:5.2-1.el9_0.4",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "7:5.5-5.el9_2.3",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-755",
                "lang": "eng",
                "value": "Improper Handling of Exceptional Conditions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:7465",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:7465"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:7668",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:7668"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0072",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0072"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0397",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0397"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0771",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0771"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0772",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0772"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0773",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0773"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:1153",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:1153"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-5824",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
          },
          {
            "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255",
            "refsource": "MISC",
            "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231130-0003/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1D384D1F-2A05-4EE0-9CB8-C83FDC53F608",
                    "versionEndExcluding": "6.4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug."
          },
          {
            "lang": "es",
            "value": "Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales."
          }
        ],
        "id": "CVE-2023-5824",
        "lastModified": "2024-04-25T16:15:09.027",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-11-03T08:15:08.270",
        "references": [
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2023:7465"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2023:7668"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0072"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0397"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0771"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0772"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0773"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:1153"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-755"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-755"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

MSRC_CVE-2023-5824

Vulnerability from csaf_microsoft - Published: 2023-11-01 07:00 - Updated: 2026-02-21 03:37

Summary

Squid: dos against http and https

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2023-5824

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 - Improper Handling of Exceptional Conditions

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 20164-17084		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2023/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2023/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-5824 Squid: dos against http and https - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-5824.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Squid: dos against http and https",
    "tracking": {
      "current_release_date": "2026-02-21T03:37:13.000Z",
      "generator": {
        "date": "2026-02-21T03:57:10.280Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-5824",
      "initial_release_date": "2023-11-01T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-03T22:25:30.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-02-21T03:37:13.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 squid 6.13-1",
                "product": {
                  "name": "\u003cazl3 squid 6.13-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 squid 6.13-1",
                "product": {
                  "name": "azl3 squid 6.13-1",
                  "product_id": "20164"
                }
              }
            ],
            "category": "product_name",
            "name": "squid"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 squid 6.13-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 squid 6.13-1 as a component of Azure Linux 3.0",
          "product_id": "20164-17084"
        },
        "product_reference": "20164",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-5824",
      "cwe": {
        "id": "CWE-755",
        "name": "Improper Handling of Exceptional Conditions"
      },
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20164-17084"
        ],
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5824 Squid: dos against http and https - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-5824.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-03T22:25:30.000Z",
          "details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.5,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-1"
          ]
        }
      ],
      "title": "Squid: dos against http and https"
    }
  ]
}

OPENSUSE-SU-2024:13398-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

squid-6.4-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: squid-6.4-1.1 on GA media

Description of the patch: These are all security issues fixed in the squid-6.4-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-13398

CVE-2023-46724

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-46846

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-46847

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-46848

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2023-5824

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

17 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2023-46724/	self
https://www.suse.com/security/cve/CVE-2023-46846/	self
https://www.suse.com/security/cve/CVE-2023-46847/	self
https://www.suse.com/security/cve/CVE-2023-46848/	self
https://www.suse.com/security/cve/CVE-2023-5824/	self
https://www.suse.com/security/cve/CVE-2023-46724	external
https://bugzilla.suse.com/1216803	external
https://www.suse.com/security/cve/CVE-2023-46846	external
https://bugzilla.suse.com/1216500	external
https://www.suse.com/security/cve/CVE-2023-46847	external
https://bugzilla.suse.com/1216495	external
https://www.suse.com/security/cve/CVE-2023-46848	external
https://bugzilla.suse.com/1216498	external
https://www.suse.com/security/cve/CVE-2023-5824	external
https://bugzilla.suse.com/1216496	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "squid-6.4-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the squid-6.4-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13398",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13398-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-46724 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-46724/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-46846 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-46846/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-46847 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-46847/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-46848 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-46848/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-5824 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-5824/"
      }
    ],
    "title": "squid-6.4-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13398-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-6.4-1.1.aarch64",
                "product": {
                  "name": "squid-6.4-1.1.aarch64",
                  "product_id": "squid-6.4-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-6.4-1.1.ppc64le",
                "product": {
                  "name": "squid-6.4-1.1.ppc64le",
                  "product_id": "squid-6.4-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-6.4-1.1.s390x",
                "product": {
                  "name": "squid-6.4-1.1.s390x",
                  "product_id": "squid-6.4-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-6.4-1.1.x86_64",
                "product": {
                  "name": "squid-6.4-1.1.x86_64",
                  "product_id": "squid-6.4-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-6.4-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:squid-6.4-1.1.aarch64"
        },
        "product_reference": "squid-6.4-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-6.4-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le"
        },
        "product_reference": "squid-6.4-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-6.4-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:squid-6.4-1.1.s390x"
        },
        "product_reference": "squid-6.4-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-6.4-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
        },
        "product_reference": "squid-6.4-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-46724",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-46724"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": " Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
          "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
          "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
          "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-46724",
          "url": "https://www.suse.com/security/cve/CVE-2023-46724"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216803 for CVE-2023-46724",
          "url": "https://bugzilla.suse.com/1216803"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-46724"
    },
    {
      "cve": "CVE-2023-46846",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-46846"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
          "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
          "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
          "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-46846",
          "url": "https://www.suse.com/security/cve/CVE-2023-46846"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216500 for CVE-2023-46846",
          "url": "https://bugzilla.suse.com/1216500"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-46846"
    },
    {
      "cve": "CVE-2023-46847",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-46847"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Squid is vulnerable to a Denial of Service,  where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
          "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
          "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
          "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-46847",
          "url": "https://www.suse.com/security/cve/CVE-2023-46847"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216495 for CVE-2023-46847",
          "url": "https://bugzilla.suse.com/1216495"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-46847"
    },
    {
      "cve": "CVE-2023-46848",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-46848"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Squid is vulnerable to Denial of Service,  where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
          "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
          "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
          "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-46848",
          "url": "https://www.suse.com/security/cve/CVE-2023-46848"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216498 for CVE-2023-46848",
          "url": "https://bugzilla.suse.com/1216498"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-46848"
    },
    {
      "cve": "CVE-2023-5824",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-5824"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
          "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
          "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
          "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-5824",
          "url": "https://www.suse.com/security/cve/CVE-2023-5824"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216496 for CVE-2023-5824",
          "url": "https://bugzilla.suse.com/1216496"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
            "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
            "openSUSE Tumbleweed:squid-6.4-1.1.s390x",
            "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-5824"
    }
  ]
}

RHSA-2023:7465

Vulnerability from csaf_redhat - Published: 2023-11-22 17:28 - Updated: 2026-03-18 02:29

Summary

Red Hat Security Advisory: squid security update

Severity

Important

Notes

Topic: An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Security Fix(es): * squid: DoS against HTTP and HTTPS (CVE-2023-5824) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-5824

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-755 - Improper Handling of Exceptional Conditions

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2023-49288

A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 - Use After Free

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2025-54574

A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing the Uniform Resource Name (URNs), specific conditions can lead to remote code execution.

8.9 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

CWE-122 - Heap-based Buffer Overflow

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

20 references

URL	Category
https://access.redhat.com/errata/RHSA-2023:7465	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2245914	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-5824	self
https://bugzilla.redhat.com/show_bug.cgi?id=2245914	external
https://www.cve.org/CVERecord?id=CVE-2023-5824	external
https://nvd.nist.gov/vuln/detail/CVE-2023-5824	external
https://github.com/squid-cache/squid/security/adv…	external
https://access.redhat.com/security/cve/CVE-2023-49288	self
https://bugzilla.redhat.com/show_bug.cgi?id=2252918	external
https://www.cve.org/CVERecord?id=CVE-2023-49288	external
https://nvd.nist.gov/vuln/detail/CVE-2023-49288	external
https://access.redhat.com/security/cve/CVE-2025-54574	self
https://bugzilla.redhat.com/show_bug.cgi?id=2386026	external
https://www.cve.org/CVERecord?id=CVE-2025-54574	external
https://nvd.nist.gov/vuln/detail/CVE-2025-54574	external
https://github.com/squid-cache/squid/commit/a27bf…	external
https://github.com/squid-cache/squid/releases/tag…	external
https://github.com/squid-cache/squid/security/adv…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for squid is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: DoS against HTTP and HTTPS (CVE-2023-5824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:7465",
        "url": "https://access.redhat.com/errata/RHSA-2023:7465"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2245914",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7465.json"
      }
    ],
    "title": "Red Hat Security Advisory: squid security update",
    "tracking": {
      "current_release_date": "2026-03-18T02:29:23+00:00",
      "generator": {
        "date": "2026-03-18T02:29:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2023:7465",
      "initial_release_date": "2023-11-22T17:28:07+00:00",
      "revision_history": [
        {
          "date": "2023-11-22T17:28:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-22T17:28:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T02:29:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.3.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-7:5.5-6.el9_3.2.src",
                "product": {
                  "name": "squid-7:5.5-6.el9_3.2.src",
                  "product_id": "squid-7:5.5-6.el9_3.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=src\u0026epoch=7"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-7:5.5-6.el9_3.2.aarch64",
                "product": {
                  "name": "squid-7:5.5-6.el9_3.2.aarch64",
                  "product_id": "squid-7:5.5-6.el9_3.2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=aarch64\u0026epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid-debugsource-7:5.5-6.el9_3.2.aarch64",
                "product": {
                  "name": "squid-debugsource-7:5.5-6.el9_3.2.aarch64",
                  "product_id": "squid-debugsource-7:5.5-6.el9_3.2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid-debugsource@5.5-6.el9_3.2?arch=aarch64\u0026epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
                "product": {
                  "name": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
                  "product_id": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid-debuginfo@5.5-6.el9_3.2?arch=aarch64\u0026epoch=7"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-7:5.5-6.el9_3.2.ppc64le",
                "product": {
                  "name": "squid-7:5.5-6.el9_3.2.ppc64le",
                  "product_id": "squid-7:5.5-6.el9_3.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=ppc64le\u0026epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
                "product": {
                  "name": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
                  "product_id": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid-debugsource@5.5-6.el9_3.2?arch=ppc64le\u0026epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
                "product": {
                  "name": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
                  "product_id": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid-debuginfo@5.5-6.el9_3.2?arch=ppc64le\u0026epoch=7"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-7:5.5-6.el9_3.2.x86_64",
                "product": {
                  "name": "squid-7:5.5-6.el9_3.2.x86_64",
                  "product_id": "squid-7:5.5-6.el9_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=x86_64\u0026epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid-debugsource-7:5.5-6.el9_3.2.x86_64",
                "product": {
                  "name": "squid-debugsource-7:5.5-6.el9_3.2.x86_64",
                  "product_id": "squid-debugsource-7:5.5-6.el9_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid-debugsource@5.5-6.el9_3.2?arch=x86_64\u0026epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
                "product": {
                  "name": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
                  "product_id": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid-debuginfo@5.5-6.el9_3.2?arch=x86_64\u0026epoch=7"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "squid-7:5.5-6.el9_3.2.s390x",
                "product": {
                  "name": "squid-7:5.5-6.el9_3.2.s390x",
                  "product_id": "squid-7:5.5-6.el9_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=s390x\u0026epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid-debugsource-7:5.5-6.el9_3.2.s390x",
                "product": {
                  "name": "squid-debugsource-7:5.5-6.el9_3.2.s390x",
                  "product_id": "squid-debugsource-7:5.5-6.el9_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid-debugsource@5.5-6.el9_3.2?arch=s390x\u0026epoch=7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "squid-debuginfo-7:5.5-6.el9_3.2.s390x",
                "product": {
                  "name": "squid-debuginfo-7:5.5-6.el9_3.2.s390x",
                  "product_id": "squid-debuginfo-7:5.5-6.el9_3.2.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/squid-debuginfo@5.5-6.el9_3.2?arch=s390x\u0026epoch=7"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-7:5.5-6.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64"
        },
        "product_reference": "squid-7:5.5-6.el9_3.2.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-7:5.5-6.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le"
        },
        "product_reference": "squid-7:5.5-6.el9_3.2.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-7:5.5-6.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x"
        },
        "product_reference": "squid-7:5.5-6.el9_3.2.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-7:5.5-6.el9_3.2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src"
        },
        "product_reference": "squid-7:5.5-6.el9_3.2.src",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-7:5.5-6.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64"
        },
        "product_reference": "squid-7:5.5-6.el9_3.2.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64"
        },
        "product_reference": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le"
        },
        "product_reference": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-debuginfo-7:5.5-6.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x"
        },
        "product_reference": "squid-debuginfo-7:5.5-6.el9_3.2.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64"
        },
        "product_reference": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-debugsource-7:5.5-6.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64"
        },
        "product_reference": "squid-debugsource-7:5.5-6.el9_3.2.aarch64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le"
        },
        "product_reference": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-debugsource-7:5.5-6.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x"
        },
        "product_reference": "squid-debugsource-7:5.5-6.el9_3.2.s390x",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "squid-debugsource-7:5.5-6.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
        },
        "product_reference": "squid-debugsource-7:5.5-6.el9_3.2.x86_64",
        "relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-5824",
      "cwe": {
        "id": "CWE-755",
        "name": "Improper Handling of Exceptional Conditions"
      },
      "discovery_date": "2023-10-24T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2245914"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "squid: DoS against HTTP and HTTPS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability only affects configurations with the `cache_dir` directive enabled. If this directive is not enabled, the Squid server is not vulnerable and no further mitigation is needed. For more information about the mitigation, see the mitigation section below.\n\nThe `cache_dir` directive is disabled by default in Squid shipped in Red Hat Enterprise Linux 6, 7, 8 and 9. Therefore, these Red Hat Enterprise Linux versions are not vulnerable with the default configuration.\n\nRed Hat is not planning to address this issue in Red Hat Enterprise Linux 6 and 7 due to the changes required and the magnitude of the differences between Squid 3 and 4 code bases, backporting the changes to the Squid 3 code base has not been feasible.\n\nWe recommend that customers using Squid as a caching proxy on Red Hat Enterprise Linux 6 and 7 to upgrade to Red Hat Enterprise Linux 8 and 9 to use Squid version 4 or version 5, respectively. Alternatively, see the mitigation section below for a way to workaround this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
        },
        {
          "category": "external",
          "summary": "RHBZ#2245914",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-5824",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-5824"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5824",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5824"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255",
          "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
        }
      ],
      "release_date": "2023-10-19T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-22T17:28:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7465"
        },
        {
          "category": "workaround",
          "details": "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the \u0027cache_dir\u0027 directives from the Squid configuration, typically in the /etc/squid/squid.conf file.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "squid: DoS against HTTP and HTTPS"
    },
    {
      "cve": "CVE-2023-49288",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2023-12-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2252918"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "squid: Use-After-Free in the HTTP Collapsed Forwarding Feature",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Collapsed Forwarding features are only used in Squid for accelerator servers and is not enabled by default, lowering the severity of this flaw to Moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-49288"
        },
        {
          "category": "external",
          "summary": "RHBZ#2252918",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252918"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-49288",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-49288"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49288",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49288"
        }
      ],
      "release_date": "2023-12-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-22T17:28:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7465"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, lines for the \u0027collapsed_forwarding\u0027 feature have to be removed from your squid.conf.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "squid: Use-After-Free in the HTTP Collapsed Forwarding Feature"
    },
    {
      "cve": "CVE-2025-54574",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2025-08-01T19:01:04.741560+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2386026"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing the Uniform Resource Name (URNs), specific conditions can lead to remote code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "squid-cache: Squid Buffer Overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is Important because the heap-based buffer overflow occurs during URN processing in Squid\u2019s core request-handling path, which is exposed to untrusted, remote input. Unlike flaws that merely cause a service crash, this defect allows an attacker to manipulate heap memory structures, potentially achieving arbitrary code execution within the Squid process context. Since Squid often runs with elevated privileges and serves as a gateway between internal and external networks, successful exploitation could provide a remote attacker with direct control over the proxy server, enabling them to pivot into internal systems, intercept sensitive traffic, or alter cached content.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
          "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
          "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-54574"
        },
        {
          "category": "external",
          "summary": "RHBZ#2386026",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386026"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-54574",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-54574"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54574",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54574"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988",
          "url": "https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/releases/tag/SQUID_6_4",
          "url": "https://github.com/squid-cache/squid/releases/tag/SQUID_6_4"
        },
        {
          "category": "external",
          "summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3",
          "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3"
        }
      ],
      "release_date": "2025-08-01T18:02:19.117000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-11-22T17:28:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:7465"
        },
        {
          "category": "workaround",
          "details": "Users can disable URN access permissions to mitigate this issue.",
          "product_ids": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
            "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
            "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "squid-cache: Squid Buffer Overflow"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-5824 (GCVE-0-2023-5824)

Solution

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature